# Win32/Mebroot Trojan detected via ESET, cannot remove! HELP!



## Robocho (Jul 21, 2010)

Hey all,

I have the exact same symptoms as this post http://forums.techguy.org/virus-oth...101-nod32-detected-mebroot-trojan-memory.html

The volume thing, clicking, and IExplore. ESET picked up the rootkit trojan but couldn't remove it.

Before I follow all the steps there, I'll post my first 3 logs in case there are any discrepencies. Can someone guide me as to what I should do to remove this pesky trojan? Thanks.

Below will be my HJT log, DDS, and GMER, and HA logs. (Note: GMER gave me a BSOD and the system shut down to prevent damage. Had to run it in safe mode).

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:59 PM, on 21/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bilal Khan\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NodEnabler] ObsoleteNodEnabler\NodEnabler.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-854245398-688789844-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 18526 bytes

DDS:

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Bilal Khan at 9:09:06.67 on 21/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.1729 [GMT -4:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
svchost.exe 4
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.ca
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\bilal khan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EPSON Stylus C86 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NodEnabler] ObsoleteNodEnabler\NodEnabler.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bilalk~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bilal khan\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bilalk~1\applic~1\mozilla\firefox\profiles\x3f1sgpb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2009-04-04 03:07:32	76	--sh--r-	c:\windows\CT4CET.bin

============= FINISH: 9:11:19.35 ===============

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-21 13:38:06
Windows 5.1.2600 Service Pack 3
Running: fwvzet78.exe; Driver: C:\DOCUME~1\BILALK~1\LOCALS~1\Temp\pxtdqpoc.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT sptd.sys ZwSetValueKey [0xF74F34AA]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload BA52C8AC 5 Bytes JMP 8AEDB1C8 
? System32\Drivers\af3xuk7t.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A 
.text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A 
.text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C 
.text C:\WINDOWS\system32\svchost.exe[708] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 009E000A 
.text C:\WINDOWS\Explorer.EXE[1128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A 
.text C:\WINDOWS\Explorer.EXE[1128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A 
.text C:\WINDOWS\Explorer.EXE[1128] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AEDA1E8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A381658
Device \Driver\usbuhci \Device\USBPDO-1 8A381658
Device \Driver\usbehci \Device\USBPDO-2 8A35A790
Device \Driver\usbuhci \Device\USBPDO-3 8A381658
Device \Driver\usbuhci \Device\USBPDO-4 8A381658
Device \Driver\usbehci \Device\USBPDO-5 8A35A790
Device \Driver\usbuhci \Device\USBPDO-6 8A381658
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE6D1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AE6D1E8
Device \Driver\Cdrom \Device\CdRom0 8A34E790
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AE6D1E8
Device \Driver\Cdrom \Device\CdRom1 8A34E790
Device \Driver\iastor \Device\Ide\iaStor0 8AEDC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\PCI_NTPNP3170 \Device\00000066 sptd.sys
Device \Driver\PCI_NTPNP3170 \Device\00000066 sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A381658
Device \Driver\usbuhci \Device\USBFDO-1 8A381658
Device \Driver\usbehci \Device\USBFDO-2 8A35A790
Device \Driver\usbuhci \Device\USBFDO-3  8A381658
Device \Driver\usbuhci \Device\USBFDO-4 8A381658
Device \Driver\Ftdisk \Device\FtControl 8AE6D1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A381658
Device \Driver\usbehci \Device\USBFDO-6 8A35A790
Device \Driver\af3xuk7t \Device\Scsi\af3xuk7t1 8A2EC790
Device \Driver\af3xuk7t \Device\Scsi\af3xuk7t1Port3Path0Target0Lun0 8A2EC790
Device \FileSystem\Fastfat \Fat 8A12F1E8
Device \FileSystem\Fastfat \Fat B97E4297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A14A1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD1 0xEC 0xB2 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x77 0x83 0x14 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xEB 0x98 0x9B 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD1 0xEC 0xB2 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x77 0x83 0x14 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xEB 0x98 0x9B 0x00 ...

---- EOF - GMER 1.0.15 ----

HALOG:
C:\Documents and Settings\Bilal Khan\My Documents\Downloads\HAMeb_check.exe
21/07/2010 at 13:57:39.62

Account active No
Local Group Memberships

~~ Checking profile list ~~

S-1-5-21-854245398-688789844-725345543-1000
%SystemDrive%\Documents and Settings\BILAL\HelpAssistant

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR 
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE70EC5]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\iaStor -> 0x8b01f1e8
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll	REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

Thanks in advance.


----------



## RPMcMurphy (Apr 27, 2010)

Hello Robocho and welcome to TSG. Please follow these guidelines while we work on your PC:


Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please follow my instructions carefully and in the order they are posted.
Any underlined text in my posts indicates a clickable link.
You should print any instructions I give you for ease of use and reference.
If you have any questions at all, please stop and ask before proceeding.








Please download MBRCheck.exe to your desktop.


Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window similar to this should open on your desktop:









if an unknown bootcode is found you will have further options available to you, at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please post the contents of that file.

*Please include the following in your next post:


MBRCheck log
The Attach.txt log from DDS
*


----------



## Robocho (Jul 21, 2010)

Also, my apologies for jumping the gun and following the other topic - I am 100% sure I had the same infection and had a presentation, needing the use of my laptop quite badly! Hopefully I did not mess anything up.


----------



## Robocho (Jul 21, 2010)

Hi Murphy,

I cannot download MBRCheck - the site is temporarily down according to the home page.

In the meantime, I ran through what you did for Noam but with modifications to some steps which I didn't need.

First, I ran Defogger. No problem.

Second, I ran Rootkit Unhooker - I attached the log file (note, I didn't check files as I was on a time constraint)

Third, Bootkit Remover:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: b19ee33a0168d5f0bb9afbe12e2bc035
\\.\E: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...

Fourth, I ran Combofix. As it was scanning, it said it found rootkit trojan and had to restart. Upon restart it scanned and the log is attached (too long)

Fifth, I restarted into Windows Recovery Console and rand the command FixMBR. Restarted and I got this from Bootkit Remover:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\E: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Press any key to quit...

Seems ok. At this point, I ran both the online ESET Scanner and MBAM.

MBAM found 0 infection (quick scan)

ESET found 2 things:

C:\System Volume Information\_restore{0862536C-A03A-4C9B-8BA5-9CB3D4EE5BAB}\RP465\A0148868.dll	probably a variant of Win32/IRCBot trojan
C:\System Volume Information\_restore{0862536C-A03A-4C9B-8BA5-9CB3D4EE5BAB}\RP465\A0151981.sys	Win32/Olmarik.ZC trojan

At this point, I was going to run MBRCheck but I can't atm. In the time being, I will do a full system scan with my actual version of NOD32. Right now it SEEMS as my system is fine, but I haven't been fully aware of what is going on.

Is there anything else I should do and/or something that strikes you as odd from my logs? Do you also have an alternate source for MBRCheck.exe?

Thank you.


----------



## RPMcMurphy (Apr 27, 2010)

Hi,

First, and most important, for the sake of your computer stop running tools on your own immediately! I can appreciate your wish to get cleaned up ASAP, but you have a rootkit *and* MBR infection. If we don't do this right you could lose all your data. I'll be around most of the night - if everything goes well we might be able to wrap this up.

Here is a different link for MBRCheck, please try again using this:
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe


----------



## Robocho (Jul 21, 2010)

Ran MBRCheck:


MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected


Done! Press ENTER to exit...


----------



## RPMcMurphy (Apr 27, 2010)

Looks like you're all set.








Uninstall ComboFix


 Press the *Windows key + R* on your keyboard or click *Start -> Run*. Copy and past the following text into the run box that opens and press *OK*:
*Combofix /Uninstall*










Everything else can be manually deleted.


----------



## Robocho (Jul 21, 2010)

Thanks Murphy - your posts were a lifesaver!


----------



## Robocho (Jul 21, 2010)

Hi Murphy,

So everything has been fine but the trojan has come back again. What do you need from me... apparently it wasn't fully cleaned. I won't do anything now until you tell me too.


----------



## Robocho (Jul 21, 2010)

Ok so quick summary before I post the logs. The trojan or whatever is in my system has gotten worse. The system will boot normally but after more startup items load, the computer essentially becomes unresponsive (i believe explorer.exe freezes and won't auto-end, making my computer essentially useless until I restart). I ended up going to recovery console to do a temp fix by FIXMBR but that didn't work. Apologize for doing it but I've got data related to work that needs to get out of this comp. Unfortunately this didn't work. I'm in safe mode with networking right now.

I also received a BSOD when running GMER rootkit It said STOP: c000021a (Fatal System Error). error code was 0xc0000005 (0x00000000 0x00000000)

Here are the logs.

*DDS:*

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Bilal Khan at 23:08:25.10 on 27/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.1423 [GMT -4:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.ca
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\bilal khan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EPSON Stylus C86 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bilalk~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bilal khan\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
Hosts: 127.0.0.1	www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bilalk~1\applic~1\mozilla\firefox\profiles\x3f1sgpb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2009-04-04 03:07:32	76	--sh--r-	c:\windows\CT4CET.bin

============= FINISH: 23:09:49.78 ===============

*GMER*

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-27 23:56:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BILALK~1\LOCALS~1\Temp\pxtdqpoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \FileSystem\Fastfat \Fat B9351D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD1 0xEC 0xB2 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x77 0x83 0x14 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xEB 0x98 0x9B 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD1 0xEC 0xB2 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x77 0x83 0x14 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xEB 0x98 0x9B 0x00 ...

---- EOF - GMER 1.0.15 ----

*HALog*

C:\Documents and Settings\Bilal Khan\My Documents\Downloads\HAMeb_check.exe
27/07/2010 at 23:56:57.93

Account active No
Local Group Memberships

~~ Checking profile list ~~

S-1-5-21-854245398-688789844-725345543-1000
%SystemDrive%\Documents and Settings\BILAL\HelpAssistant

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR 
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
kernel: MBR read successfully

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll	REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

*Remover (pre Recovery Console)*

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: f4dc5e7335d070be30a5f648be6852ce
\\.\E: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...


----------



## Robocho (Jul 21, 2010)

Hi,

So under safe mode I ran msconfig and disabled a couple of things from starting up. I disabled MBAM, SuperAntiSpyware, some dell webcam utilities, windows live messenger, java auto-update, and some blackberry related startups. Now I can start up fine in normal mode (not sure if it is related or not).

Anywho, I ran rootkit unhooker and here is the scan; it's attached in a txt file labelled Report_New.txt


----------



## RPMcMurphy (Apr 27, 2010)

Good Morning,

I'll help you out again with this *only* if you are willing to follow instructions and not meddle with it on your own. You are putting the very data that is so critical to you that you couldn't wait for instructions at risk by following other users instructions and running advanced tools and procedures on your own. If it happens again, I'll have the thread closed immediatley. You have an infection that is targeting your Master Boot Record, so it would be a good idea to back up that critical data before we start.

If you are agreeable to these conditions, here are your first instructions (please download a new copy of these if you already have them - our tools update constantly):








Please download DDS by sUBs from one of the following links and save it to your desktop.



*DDS.scr*
*DDS.pif*

Disable any script blocking protection (How to Disable your Security Programs)
Double click *DDS* icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------

_*Post*_ the contents of the *DDS.txt* report in your next reply
*Attach* the _*Attach.txt*_ report to your post by scroling down to the *Attachments* area and then clicking *Browse*. Browse to where you saved the file, and click *Open* and then click *UPLOAD*.








Please download MBRCheck.exe to your desktop.


Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
if an unknown bootcode is found you will have further options available to you, at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please post the contents of that file.

*Please include the following in your next post:


DDS and Attach.txt logs
MBRCheck log
*


----------



## Robocho (Jul 21, 2010)

Hi Murphy,

Yes I agree. I've taken the critical data + info I need off this laptop and have a replacement comp to use for awhile. Please note that my MBR now says it detected Windows XP, but before I FIXMBR it said unknown MBR. I'll post the DDS and MBRCheck log now. The logs I posted last night (the DDS, remover, and hameb) were before I did FIXMBR. The logs I am posting right now are afterwards and taken right now.

*DDS*

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Bilal Khan at 13:55:15.54 on 28/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.1681 [GMT -4:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.ca
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
Hosts: 127.0.0.1	www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bilalk~1\applic~1\mozilla\firefox\profiles\x3f1sgpb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2009-04-04 03:07:32	76	--sh--r-	c:\windows\CT4CET.bin

============= FINISH: 13:56:13.43 ===============

*MBRCheck*

MBRCheck, version 1.1.1

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\E: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...


----------



## RPMcMurphy (Apr 27, 2010)

I'm going to need anyother set of logs from a different tool. DDS isn't running correctly on your machine for some reason; please run this for me:








Download *OTL* to your desktop.


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the Custom Scan box paste this in:*
netsvcs
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT*

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.

*Please include the following in your next post:


OTL.txt and Extras.txt logs
*


----------



## Robocho (Jul 21, 2010)

Here you go.

*OTL*

OTL logfile created on: 28/07/2010 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bilal Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 9.68 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 61.08 Gb Total Space | 6.25 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILAL
Current User Name: Bilal Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\PharosSystems\Core\PRNTRACK.DLL (Pharos Systems International)
MOD - C:\WINDOWS\system32\MadCHook.dll (www.madshi.net)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
SRV - (HF30Service) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe ()

========== Driver Services (SafeList) ==========

DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (dsNcAdpt) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\BILALK~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (FLE5WNNT) -- C:\WINDOWS\system32\drivers\fle5wnnt.sys (Data Encryption Systems Limited)
DRV - (FLSVCOM) -- C:\WINDOWS\system32\drivers\flsvcom.sys (Data Encryption Systems Limited)
DRV - (FLSPAR) -- C:\WINDOWS\system32\drivers\flspar.sys (Data Encryption Systems Limited)
DRV - (FLSIFACE) -- C:\WINDOWS\system32\drivers\flsiface.sys (Data Encryption Systems Limited)
DRV - (FLSSER) -- C:\WINDOWS\system32\drivers\flsser.sys (Data Encryption Systems Limited)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HF30Sys) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30XP.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=15187&l=dis"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/21 02:35:41 | 000,000,000 | ---D | M]

[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions
[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions\[email protected]
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions
[2010/01/24 20:27:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/20 15:58:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 01:33:25 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009/01/02 02:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2010/01/24 20:26:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/24 20:27:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\[email protected]
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\searchplugins\askcom.xml
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/24 15:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 15:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 15:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 15:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/22 23:48:15 | 000,413,985 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/01 02:25:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 17:19:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/27 13:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDubMod
[2010/07/23 02:30:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/21 23:13:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/21 19:36:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/21 19:36:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/21 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 15:29:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/21 15:21:42 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Bilal Khan\Desktop\remover.exe
[2010/07/21 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\HELP
[2010/07/21 02:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/21 02:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/21 02:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
[2010/07/21 02:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/20 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/20 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/20 16:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 16:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/15 16:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Job Search
[2010/07/14 00:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Temp
[2010/07/13 12:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 00:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
[2010/07/12 19:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/12 19:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/12 19:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2010/07/12 19:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/07/12 19:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Softonic-Eng7
[2010/07/12 00:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\Launch
[2010/07/08 02:54:58 | 000,000,000 | ---D | C] -- C:\Spartacus Blood and Sand Season 1
[2010/07/06 14:20:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\My Dropbox
[2010/07/06 14:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/06 00:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\BB
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Roxio
[2010/07/04 12:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/07/04 01:39:52 | 000,000,000 | ---D | C] -- C:\Spartacus.Blood.and.Sand.S01E01-02-03.HDTV.XviD DivXNL-Team (nl subs)
[2010/07/03 22:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/07/03 22:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/07/03 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/07/03 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/03 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/07/03 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/07/03 21:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/07/03 15:52:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/07/02 11:18:08 | 000,000,000 | ---D | C] -- C:\BB
[2010/06/25 19:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/06/25 19:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2010/06/25 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/06/24 09:27:22 | 000,055,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 17:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/17 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/12 01:09:17 | 000,000,000 | ---D | C] -- C:\My Family
[2010/06/11 23:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Content
[2010/06/11 20:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\_
[2010/06/11 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2010/06/11 19:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GameTuts
[2010/06/10 01:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\The KMPlayer
[2010/06/10 01:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Conduit
[2010/06/10 01:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/18 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\vdub
[2010/05/10 16:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\ResumeCards
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Bilal Khan\My Documents\*.tmp files -> C:\Documents and Settings\Bilal Khan\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/28 17:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004UA.job
[2010/07/28 17:19:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/28 14:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/28 11:15:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 11:15:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 11:14:43 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.dat
[2010/07/28 11:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.ini
[2010/07/28 11:12:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/28 01:14:40 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 00:22:07 | 000,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/28 00:22:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/28 00:22:07 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 23:38:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/27 21:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004Core.job
[2010/07/27 16:36:16 | 002,153,042 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\IconCache.db
[2010/07/27 16:27:41 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/07/26 21:21:58 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Google Chrome.lnk
[2010/07/26 21:21:58 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/22 23:48:15 | 000,413,985 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/21 17:13:16 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-234815.backup
[2010/07/21 15:36:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/21 15:07:18 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:20 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:18 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 13:54:06 | 000,578,740 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 13:54:06 | 000,481,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 13:54:06 | 000,086,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 02:17:34 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 23:06:55 | 000,013,055 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/14 13:04:22 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\winscp.rnd
[2010/07/13 12:21:28 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 17:33:30 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/06 14:20:26 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 22:47:07 | 000,033,691 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:44 | 000,031,440 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:45:54 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/05 17:38:06 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/04 13:29:53 | 000,213,485 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:29:42 | 002,195,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 01:07:38 | 000,088,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/03 21:56:23 | 000,009,810 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:34 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/03 12:57:19 | 000,006,508 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 00:58:57 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 21:36:15 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 18:00:53 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:33:07 | 002,467,535 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/09 10:25:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 12:58:02 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 12:52:15 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 11:36:45 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:28 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:43:57 | 040,283,782 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 20:03:42 | 000,008,726 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/11 22:19:35 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/11 21:59:35 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/11 21:59:35 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:05 | 000,032,506 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:51 | 000,015,221 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:18 | 000,013,324 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:39 | 000,011,015 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Bilal Khan\My Documents\*.tmp files -> C:\Documents and Settings\Bilal Khan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 17:13:16 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:29:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/21 15:29:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/21 15:07:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:17 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:13 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 09:08:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/21 02:17:34 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 22:38:55 | 000,013,055 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/13 12:21:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 14:20:26 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 23:27:14 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/05 22:47:07 | 000,033,691 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:43 | 000,031,440 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:31:00 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Application Data\BBMS_EXCEPTION.txt
[2010/07/04 15:03:41 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/04 13:29:53 | 000,213,485 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:57:53 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/04 12:47:27 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/03 21:56:19 | 000,009,810 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:32 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/02 00:29:31 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 19:55:40 | 000,001,770 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/17 18:00:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:32:00 | 002,467,535 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/07 13:00:21 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 12:58:02 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 11:36:45 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 11:36:06 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:27 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:42:57 | 040,283,782 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 00:04:06 | 000,008,726 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/12 14:39:42 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/12 14:39:42 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/12 14:39:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:04 | 000,032,506 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:50 | 000,015,221 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:17 | 000,013,324 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:38 | 000,011,015 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx
[2009/11/01 04:00:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 10:29:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\cchtxhlp.ini
[2009/04/20 23:17:59 | 000,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/31 16:00:53 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2009/03/31 16:00:53 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2009/03/31 16:00:53 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2009/03/31 16:00:53 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2009/03/31 16:00:53 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2009/03/31 16:00:53 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2009/03/31 16:00:53 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2009/03/31 16:00:53 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2009/03/31 16:00:53 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2009/03/31 16:00:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2009/03/31 16:00:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2009/03/31 16:00:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2009/03/31 16:00:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2009/03/31 16:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2009/03/31 16:00:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2009/03/31 16:00:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2009/03/17 03:02:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/13 18:21:30 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\DKU5INST.DLL
[2009/03/13 18:21:26 | 000,003,919 | ---- | C] () -- C:\WINDOWS\System32\flsinst.ini
[2009/03/13 18:21:25 | 001,306,624 | ---- | C] () -- C:\WINDOWS\System32\FLSINST.DLL
[2009/01/01 03:04:29 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/01 03:04:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/01 02:54:34 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/01/01 02:54:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/01/01 02:54:34 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/22 02:24:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[1995/08/07 18:53:00 | 000,463,904 | ---- | C] () -- C:\WINDOWS\System32\owl253f.dll

========== LOP Check ==========

[2009/09/27 20:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/07/21 02:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/25 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/08 12:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/03/21 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/03 22:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/01/17 12:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/12/07 04:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2009/01/01 14:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/27 20:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/06/17 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/01 14:44:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/08 15:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/20 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/09 02:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\abgx360
[2009/12/18 22:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Any Video Converter
[2009/02/23 17:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/06 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DC++
[2010/04/13 20:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DocumentsToGoDesktop
[2010/07/27 23:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/21 02:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ESET
[2010/07/27 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\foobar2000
[2010/06/11 20:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2009/12/15 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GetRightToGo
[2009/04/05 10:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\iambic
[2009/02/03 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ImgBurn
[2009/08/31 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\InternetCalls
[2010/06/25 21:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2009/10/05 02:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\LimeWire
[2009/03/12 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\MSNInstaller
[2009/04/04 07:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Octoshape
[2009/01/03 19:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Open Source Applications Foundation
[2009/12/04 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Opera
[2009/01/03 19:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Python-Eggs
[2010/01/13 02:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Red Kawa
[2010/07/05 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/05/11 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\SystemRequirementsLab
[2009/11/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\tmp
[2009/01/01 14:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\TuneUp Software
[2010/07/08 11:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\uTorrent
[2009/08/31 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Voipwise
[2009/01/01 00:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx
[2009/11/30 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx2
[2009/01/02 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Desktop Search
[2009/01/01 04:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Search
[2010/04/08 13:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Wireshark
[2010/07/28 14:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys
[2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/31 18:14:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/31 18:14:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/31 18:14:31 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

*Extras:*

OTL Extras logfile created on: 28/07/2010 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bilal Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 9.68 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 61.08 Gb Total Space | 6.25 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILAL
Current User Name: Bilal Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabledharos Com Task Master -- (Pharos Systems International)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabledharos Com Task Master -- (Pharos Systems International)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10B9A312-F141-44B9-A2CE-C8379CBBFD14}" = BlackBerry Desktop Software 5.0.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19FDE7C3-9837-4365-883C-01D51A9F262C}" = ESET Smart Security
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C2FA9CD-8708-4D5F-B41F-4AA958BDE6CB}" = Virtual Professional Library - Folio Views
"{1CEE552A-5E9E-49C3-9DE6-0BD978E20663}_is1" = Agendus for Windows Outlook Edition
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2DA48E1D-5DC0-11D7-8CE2-00002101439B}" = Hide Folder 3.1
"{2F01EBAF-CA43-417B-A494-76E753F8200D}" = TouchChip USB Driver 2.18
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6734459C-512F-4DAD-93ED-BC07A88F0A5B}" = inSSIDer
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C39F2B2-C1D8-479D-B8A8-C5A9425C14C5}" = Diego
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{968A9ED2-0BDE-11D7-89A6-000629130A49}" = CCH Library
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A05D47D8-701F-43F6-A09C-EDE6F4F2AEE6}" = Voiceglobe SIPphone
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA8EBAA1-1B09-480F-B495-A2AB096F8907}" = ACL for Windows Version 7 Workbook
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Alarm_is1" = Alarm 2.0.4
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audacity_is1" = Audacity 1.2.4
"AviSynth" = AviSynth 2.5
"BlackBerry_{10B9A312-F141-44B9-A2CE-C8379CBBFD14}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Chandler" = Chandler 1.0.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529) 
"DC++" = DC++ 0.750
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DKU5INST" = Nokia Connectivity Adapter DKU-5
"DTGDesktop" = Documents To Go Desktop for iPhone
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLSINST" = FLS-4 Driver Installation
"Flv Recorder_is1" = FlvRecorder
"foo_audioscrobbler" = Audioscrobbler for foobar2000 (remove only)
"foobar2000" = foobar2000 v0.9.6.1
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 1.37
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP iPAQ Setup Assistant" = HP iPAQ Setup Assistant v1.3.11.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HyperSnap 6" = HyperSnap 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Jello.Dashboard" = Jello.Dashboard 5.00.1 (beta)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LimeWire" = LimeWire PRO 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyLife Organized" = MyLife Organized 2.5.0 (Unregistered)
"MyLife Organized PocketPC Edition" = MyLife Organized PocketPC Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"Pharos" = Pharos
"PlayFLV" = PlayFLV
"PokerTracker3" = PokerTracker 3 (remove only)
"RealPlayer 12.0" = RealPlayer
"Soulseek2" = SoulSeek 157 NS 13c
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.4.9.1
"Videora iPod Converter" = Videora iPod Converter 5.03
"vixy converter BETA_is1" = vixy converter uninstall
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.7
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2010 7:17:09 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2265

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13870531

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13870531

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2110

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2110

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141

[ OSession Events ]
Error - 02/10/2009 5:54:02 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 94564
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:20 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 100
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:33 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:41 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/10/2009 8:30:54 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 126151
seconds with 4080 seconds of active time. This session ended with a crash.

Error - 19/11/2009 1:41:54 AM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/01/2010 1:02:58 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/01/2010 10:28:05 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96430
seconds with 240 seconds of active time. This session ended with a crash.

Error - 08/04/2010 9:44:29 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 833
seconds with 60 seconds of active time. This session ended with a crash.

Error - 01/05/2010 12:47:39 AM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 195776
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/07/2010 11:17:48 AM | Computer Name = BILAL | Source = Service Control Manager | ID = 7022
Description = The ESET Service service hung on starting.

Error - 28/07/2010 11:17:48 AM | Computer Name = BILAL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 28/07/2010 11:17:57 AM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 3:02:41 PM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 3:03:40 PM | Computer Name = BILAL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.103 for the Network Card with network
address 001FE12B6B36 has been denied by the DHCP server 142.1.160.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/07/2010 5:18:18 PM | Computer Name = BILAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.1.162.134 on
the Network Card with network address 001FE12B6B36.

Error - 28/07/2010 5:18:23 PM | Computer Name = BILAL | Source = PSched | ID = 14103
Description = QoS [Adapter {930EF32E-ED78-47CD-A56A-EE37DFC5CD6D}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 28/07/2010 5:18:27 PM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 5:21:31 PM | Computer Name = BILAL | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 28/07/2010 5:21:31 PM | Computer Name = BILAL | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

[ TuneUp Events ]
Error - 21/07/2010 7:28:10 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 4:48:01 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:17:52 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:28:39 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:32:47 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:36:56 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:00:01 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:06:48 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:23:51 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 11:16:19 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

< End of report >


----------



## Robocho (Jul 21, 2010)

Here you go.

*OTL*

OTL logfile created on: 28/07/2010 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bilal Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 9.68 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 61.08 Gb Total Space | 6.25 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILAL
Current User Name: Bilal Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\PharosSystems\Core\PRNTRACK.DLL (Pharos Systems International)
MOD - C:\WINDOWS\system32\MadCHook.dll (www.madshi.net)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
SRV - (HF30Service) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe ()

========== Driver Services (SafeList) ==========

DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (dsNcAdpt) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\BILALK~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (FLE5WNNT) -- C:\WINDOWS\system32\drivers\fle5wnnt.sys (Data Encryption Systems Limited)
DRV - (FLSVCOM) -- C:\WINDOWS\system32\drivers\flsvcom.sys (Data Encryption Systems Limited)
DRV - (FLSPAR) -- C:\WINDOWS\system32\drivers\flspar.sys (Data Encryption Systems Limited)
DRV - (FLSIFACE) -- C:\WINDOWS\system32\drivers\flsiface.sys (Data Encryption Systems Limited)
DRV - (FLSSER) -- C:\WINDOWS\system32\drivers\flsser.sys (Data Encryption Systems Limited)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HF30Sys) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30XP.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=15187&l=dis"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/21 02:35:41 | 000,000,000 | ---D | M]

[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions
[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions\[email protected]
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions
[2010/01/24 20:27:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/20 15:58:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 01:33:25 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009/01/02 02:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2010/01/24 20:26:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/24 20:27:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\[email protected]
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\searchplugins\askcom.xml
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/24 15:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 15:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 15:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 15:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/22 23:48:15 | 000,413,985 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/01 02:25:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 17:19:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/27 13:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDubMod
[2010/07/23 02:30:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/21 23:13:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/21 19:36:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/21 19:36:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/21 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 15:29:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/21 15:21:42 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Bilal Khan\Desktop\remover.exe
[2010/07/21 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\HELP
[2010/07/21 02:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/21 02:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/21 02:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
[2010/07/21 02:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/20 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/20 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/20 16:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 16:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/15 16:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Job Search
[2010/07/14 00:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Temp
[2010/07/13 12:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 00:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
[2010/07/12 19:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/12 19:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/12 19:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2010/07/12 19:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/07/12 19:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Softonic-Eng7
[2010/07/12 00:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\Launch
[2010/07/08 02:54:58 | 000,000,000 | ---D | C] -- C:\Spartacus Blood and Sand Season 1
[2010/07/06 14:20:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\My Dropbox
[2010/07/06 14:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/06 00:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\BB
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Roxio
[2010/07/04 12:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/07/04 01:39:52 | 000,000,000 | ---D | C] -- C:\Spartacus.Blood.and.Sand.S01E01-02-03.HDTV.XviD DivXNL-Team (nl subs)
[2010/07/03 22:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/07/03 22:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/07/03 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/07/03 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/03 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/07/03 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/07/03 21:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/07/03 15:52:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/07/02 11:18:08 | 000,000,000 | ---D | C] -- C:\BB
[2010/06/25 19:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/06/25 19:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2010/06/25 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/06/24 09:27:22 | 000,055,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 17:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/17 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/12 01:09:17 | 000,000,000 | ---D | C] -- C:\My Family
[2010/06/11 23:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Content
[2010/06/11 20:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\_
[2010/06/11 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2010/06/11 19:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GameTuts
[2010/06/10 01:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\The KMPlayer
[2010/06/10 01:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Conduit
[2010/06/10 01:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/18 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\vdub
[2010/05/10 16:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\ResumeCards
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Bilal Khan\My Documents\*.tmp files -> C:\Documents and Settings\Bilal Khan\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/28 17:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004UA.job
[2010/07/28 17:19:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/28 14:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/28 11:15:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 11:15:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 11:14:43 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.dat
[2010/07/28 11:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.ini
[2010/07/28 11:12:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/28 01:14:40 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 00:22:07 | 000,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/28 00:22:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/28 00:22:07 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 23:38:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/27 21:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004Core.job
[2010/07/27 16:36:16 | 002,153,042 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\IconCache.db
[2010/07/27 16:27:41 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/07/26 21:21:58 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Google Chrome.lnk
[2010/07/26 21:21:58 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/22 23:48:15 | 000,413,985 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/21 17:13:16 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-234815.backup
[2010/07/21 15:36:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/21 15:07:18 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:20 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:18 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 13:54:06 | 000,578,740 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 13:54:06 | 000,481,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 13:54:06 | 000,086,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 02:17:34 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 23:06:55 | 000,013,055 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/14 13:04:22 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\winscp.rnd
[2010/07/13 12:21:28 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 17:33:30 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/06 14:20:26 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 22:47:07 | 000,033,691 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:44 | 000,031,440 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:45:54 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/05 17:38:06 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/04 13:29:53 | 000,213,485 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:29:42 | 002,195,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 01:07:38 | 000,088,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/03 21:56:23 | 000,009,810 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:34 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/03 12:57:19 | 000,006,508 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 00:58:57 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 21:36:15 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 18:00:53 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:33:07 | 002,467,535 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/09 10:25:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 12:58:02 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 12:52:15 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 11:36:45 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:28 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:43:57 | 040,283,782 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 20:03:42 | 000,008,726 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/11 22:19:35 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/11 21:59:35 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/11 21:59:35 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:05 | 000,032,506 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:51 | 000,015,221 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:18 | 000,013,324 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:39 | 000,011,015 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Bilal Khan\My Documents\*.tmp files -> C:\Documents and Settings\Bilal Khan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 17:13:16 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:29:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/21 15:29:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/21 15:07:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:17 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:13 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 09:08:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/21 02:17:34 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 22:38:55 | 000,013,055 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/13 12:21:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 14:20:26 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 23:27:14 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/05 22:47:07 | 000,033,691 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:43 | 000,031,440 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:31:00 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Application Data\BBMS_EXCEPTION.txt
[2010/07/04 15:03:41 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/04 13:29:53 | 000,213,485 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:57:53 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/04 12:47:27 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/03 21:56:19 | 000,009,810 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:32 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/02 00:29:31 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 19:55:40 | 000,001,770 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/17 18:00:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:32:00 | 002,467,535 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/07 13:00:21 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 12:58:02 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 11:36:45 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 11:36:06 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:27 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:42:57 | 040,283,782 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 00:04:06 | 000,008,726 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/12 14:39:42 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/12 14:39:42 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/12 14:39:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:04 | 000,032,506 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:50 | 000,015,221 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:17 | 000,013,324 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:38 | 000,011,015 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx
[2009/11/01 04:00:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 10:29:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\cchtxhlp.ini
[2009/04/20 23:17:59 | 000,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/31 16:00:53 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2009/03/31 16:00:53 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2009/03/31 16:00:53 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2009/03/31 16:00:53 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2009/03/31 16:00:53 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2009/03/31 16:00:53 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2009/03/31 16:00:53 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2009/03/31 16:00:53 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2009/03/31 16:00:53 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2009/03/31 16:00:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2009/03/31 16:00:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2009/03/31 16:00:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2009/03/31 16:00:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2009/03/31 16:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2009/03/31 16:00:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2009/03/31 16:00:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2009/03/17 03:02:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/13 18:21:30 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\DKU5INST.DLL
[2009/03/13 18:21:26 | 000,003,919 | ---- | C] () -- C:\WINDOWS\System32\flsinst.ini
[2009/03/13 18:21:25 | 001,306,624 | ---- | C] () -- C:\WINDOWS\System32\FLSINST.DLL
[2009/01/01 03:04:29 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/01 03:04:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/01 02:54:34 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/01/01 02:54:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/01/01 02:54:34 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/22 02:24:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[1995/08/07 18:53:00 | 000,463,904 | ---- | C] () -- C:\WINDOWS\System32\owl253f.dll

========== LOP Check ==========

[2009/09/27 20:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/07/21 02:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/25 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/08 12:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/03/21 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/03 22:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/01/17 12:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/12/07 04:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2009/01/01 14:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/27 20:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/06/17 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/01 14:44:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/08 15:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/20 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/09 02:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\abgx360
[2009/12/18 22:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Any Video Converter
[2009/02/23 17:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/06 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DC++
[2010/04/13 20:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DocumentsToGoDesktop
[2010/07/27 23:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/21 02:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ESET
[2010/07/27 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\foobar2000
[2010/06/11 20:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2009/12/15 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GetRightToGo
[2009/04/05 10:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\iambic
[2009/02/03 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ImgBurn
[2009/08/31 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\InternetCalls
[2010/06/25 21:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2009/10/05 02:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\LimeWire
[2009/03/12 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\MSNInstaller
[2009/04/04 07:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Octoshape
[2009/01/03 19:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Open Source Applications Foundation
[2009/12/04 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Opera
[2009/01/03 19:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Python-Eggs
[2010/01/13 02:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Red Kawa
[2010/07/05 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/05/11 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\SystemRequirementsLab
[2009/11/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\tmp
[2009/01/01 14:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\TuneUp Software
[2010/07/08 11:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\uTorrent
[2009/08/31 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Voipwise
[2009/01/01 00:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx
[2009/11/30 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx2
[2009/01/02 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Desktop Search
[2009/01/01 04:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Search
[2010/04/08 13:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Wireshark
[2010/07/28 14:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys
[2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/31 18:14:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/31 18:14:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/31 18:14:31 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

*Extras:*

OTL Extras logfile created on: 28/07/2010 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bilal Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 9.68 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 61.08 Gb Total Space | 6.25 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILAL
Current User Name: Bilal Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabledharos Com Task Master -- (Pharos Systems International)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabledharos Com Task Master -- (Pharos Systems International)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Bilal Khan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10B9A312-F141-44B9-A2CE-C8379CBBFD14}" = BlackBerry Desktop Software 5.0.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19FDE7C3-9837-4365-883C-01D51A9F262C}" = ESET Smart Security
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C2FA9CD-8708-4D5F-B41F-4AA958BDE6CB}" = Virtual Professional Library - Folio Views
"{1CEE552A-5E9E-49C3-9DE6-0BD978E20663}_is1" = Agendus for Windows Outlook Edition
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2DA48E1D-5DC0-11D7-8CE2-00002101439B}" = Hide Folder 3.1
"{2F01EBAF-CA43-417B-A494-76E753F8200D}" = TouchChip USB Driver 2.18
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6734459C-512F-4DAD-93ED-BC07A88F0A5B}" = inSSIDer
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C39F2B2-C1D8-479D-B8A8-C5A9425C14C5}" = Diego
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{968A9ED2-0BDE-11D7-89A6-000629130A49}" = CCH Library
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A05D47D8-701F-43F6-A09C-EDE6F4F2AEE6}" = Voiceglobe SIPphone
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA8EBAA1-1B09-480F-B495-A2AB096F8907}" = ACL for Windows Version 7 Workbook
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Alarm_is1" = Alarm 2.0.4
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audacity_is1" = Audacity 1.2.4
"AviSynth" = AviSynth 2.5
"BlackBerry_{10B9A312-F141-44B9-A2CE-C8379CBBFD14}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Chandler" = Chandler 1.0.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529) 
"DC++" = DC++ 0.750
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DKU5INST" = Nokia Connectivity Adapter DKU-5
"DTGDesktop" = Documents To Go Desktop for iPhone
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLSINST" = FLS-4 Driver Installation
"Flv Recorder_is1" = FlvRecorder
"foo_audioscrobbler" = Audioscrobbler for foobar2000 (remove only)
"foobar2000" = foobar2000 v0.9.6.1
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 1.37
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP iPAQ Setup Assistant" = HP iPAQ Setup Assistant v1.3.11.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HyperSnap 6" = HyperSnap 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Jello.Dashboard" = Jello.Dashboard 5.00.1 (beta)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LimeWire" = LimeWire PRO 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyLife Organized" = MyLife Organized 2.5.0 (Unregistered)
"MyLife Organized PocketPC Edition" = MyLife Organized PocketPC Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"Pharos" = Pharos
"PlayFLV" = PlayFLV
"PokerTracker3" = PokerTracker 3 (remove only)
"RealPlayer 12.0" = RealPlayer
"Soulseek2" = SoulSeek 157 NS 13c
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.4.9.1
"Videora iPod Converter" = Videora iPod Converter 5.03
"vixy converter BETA_is1" = vixy converter uninstall
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.7
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2010 7:17:09 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2265

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13870531

Error - 28/07/2010 11:08:17 AM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13870531

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2110

Error - 28/07/2010 2:27:59 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2110

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141

Error - 28/07/2010 2:28:01 PM | Computer Name = BILAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141

[ OSession Events ]
Error - 02/10/2009 5:54:02 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 94564
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:20 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 100
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:33 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/10/2009 3:44:41 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/10/2009 8:30:54 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 126151
seconds with 4080 seconds of active time. This session ended with a crash.

Error - 19/11/2009 1:41:54 AM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/01/2010 1:02:58 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/01/2010 10:28:05 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96430
seconds with 240 seconds of active time. This session ended with a crash.

Error - 08/04/2010 9:44:29 PM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 833
seconds with 60 seconds of active time. This session ended with a crash.

Error - 01/05/2010 12:47:39 AM | Computer Name = BILAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 195776
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/07/2010 11:17:48 AM | Computer Name = BILAL | Source = Service Control Manager | ID = 7022
Description = The ESET Service service hung on starting.

Error - 28/07/2010 11:17:48 AM | Computer Name = BILAL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 28/07/2010 11:17:57 AM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 3:02:41 PM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 3:03:40 PM | Computer Name = BILAL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.103 for the Network Card with network
address 001FE12B6B36 has been denied by the DHCP server 142.1.160.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/07/2010 5:18:18 PM | Computer Name = BILAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.1.162.134 on
the Network Card with network address 001FE12B6B36.

Error - 28/07/2010 5:18:23 PM | Computer Name = BILAL | Source = PSched | ID = 14103
Description = QoS [Adapter {930EF32E-ED78-47CD-A56A-EE37DFC5CD6D}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 28/07/2010 5:18:27 PM | Computer Name = BILAL | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {025FF2D8-3A56-46CE-8A2D-9DF3F3F10D1F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 28/07/2010 5:21:31 PM | Computer Name = BILAL | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 28/07/2010 5:21:31 PM | Computer Name = BILAL | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

[ TuneUp Events ]
Error - 21/07/2010 7:28:10 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 4:48:01 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:17:52 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:28:39 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:32:47 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 27/07/2010 11:36:56 PM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:00:01 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:06:48 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 12:23:51 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

Error - 28/07/2010 11:16:19 AM | Computer Name = BILAL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: disk I/O error; when executing SQL: ATTACH DATABASE ':memory:'
AS MemDB; CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE PRIMARY KEY, Value
TEXT); INSERT OR IGNORE INTO Config Values('DBVersion', '1004'); CREATE TABLE IF
NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT
EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE,
Ended DATE, State INTEGER, Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS MemDB.ActiveApps
(id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started DATE, ProcID INTEGER, 
Resumed INTEGER(1)); CREATE TABLE IF NOT EXISTS ExeFiles (Exe TEXT UNIQUE PRIMARY
KEY, ProductID TEXT, AnalyzeTime DATE); CREATE TABLE IF NOT EXISTS Products (Date
DATE, ProductID TEXT, StartCounter INTEGER, RunningTime INTEGER, GUIActivateCount
INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER, GUIAvgScreenCoverage
INTEGER); CREATE UNIQUE INDEX IF N

< End of report >


----------



## RPMcMurphy (Apr 27, 2010)

Robocho,

madCodeHook appears to be installed on your PC. Do you use this software, if so what for?








Run *OTL.exe*


Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Bilal Khan\My Documents\*.tmp files -> C:\Documents and Settings\Bilal Khan\My Documents\*.tmp -> ]

:Commands
[ClearAllRestorePoints]
[EmptyFlash]
[EmptyTemp]
[Purity]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, it will reboot when it is done and produce a log








You have this program installed, *Malwarebytes' Anti-Malware* (MBAM). Please update it and run a scan.

Open* MBAM*


Click the *Update* tab
Click *Check for Updates*
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
_If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly._

*Please include the following in your next post:


OTL Fix log
MBAM log
*


----------



## Robocho (Jul 21, 2010)

I have no recollection of installing madCodeHook Murphy. Is it used for any of the programs I have installed?

Also, I ran MBAM overnight and did a complete system scan. I've attached that logfile. Would you like me to still run MBAM again and do a full system scan? I'm heading back home so I won't be able to do that until 2 hours from now. FYI, i opened MBAM and the database updated from 4361 to 4364 version.

*OTL*

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\002645_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET26.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Bilal Khan\My Documents\~WRL0748.tmp deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: BILAL

User: Bilal Khan
->Flash cache emptied: 2028831 bytes

User: Default User

User: Guest

User: LocalService
->Flash cache emptied: 1486 bytes

User: NetworkService
->Flash cache emptied: 1202 bytes

User: postgres
->Flash cache emptied: 901 bytes

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: All Users

User: BILAL

User: Bilal Khan
->Temp folder emptied: 4908988 bytes
->Temporary Internet Files folder emptied: 71173332 bytes
->Java cache emptied: 3427178 bytes
->FireFox cache emptied: 42406121 bytes
->Google Chrome cache emptied: 204062960 bytes
->Opera cache emptied: 21073225 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 588426 bytes
->Temporary Internet Files folder emptied: 1715053 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4216568 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 443668 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 159944 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 338.00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 07282010_210218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

*MBAM*

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4361

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/07/2010 11:10:10 AM
mbam-log-2010-07-28 (11-10-10).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 425099
Time elapsed: 3 hour(s), 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Software\Total Video Converter 3.12\CrackCopyMeToInstallDirAndRun.exe (Trojan.WGAPatch) -> Quarantined and deleted successfully.
E:\Software\Style XP\StyleXP v3.19\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


----------



## RPMcMurphy (Apr 27, 2010)

Robocho,








Your logs indicate that you are using cracks and/or keygens. *We don't support software piracy on this forum* so, while Ill deal with your current problem, any further help will be based on you not being seen to involve yourself with such practices in the future. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. When you install the cracked software, you are running executable files from dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. There is little doubt that handling these types of files is what respawned the MBR infection and it's only a matter of time until you pick up something that can't be recovered from.








Run *OTL.exe*


Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL
MOD - C:\WINDOWS\system32\MadCHook.dll (www.madshi.net)
```

Then click the *Run Fix* button at the top
Let the program run unhindered, it will reboot when it is done and produce a log








Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:


Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.

*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.


Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
 Click the *Save report...* button.
 Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply

*Please include the following in your next post:


OTL Fix log
Kaspersky log
*


----------



## Robocho (Jul 21, 2010)

I'll run those scans in a second.

On the same note, my E drive is essentially a backup storage drive from my old computer. Those cracks and aforementioned software was from at least 1 or 2 years ago. Haven't involved myself in any of that business in a very long time.


----------



## Robocho (Jul 21, 2010)

2% in 15 minutes. This is going to take a long time. I'm going to head to bed and hopefully the scan will be done by the time I wake up.


----------



## RPMcMurphy (Apr 27, 2010)

Fair enough, thanks. KAV can take a very long time, but it's very thorough.


----------



## Robocho (Jul 21, 2010)

Hi Murphy,

*Kaspersky*

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, July 28, 2010 17:52:59
Records in database: 4195346
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\
G:\

Scan statistics:
Objects scanned: 265464
Threats found: 3
Infected objects found: 2
Suspicious objects found: 1
Scan duration: 07:23:37

File name / Threat / Threats count
C:\BilalBackup\Oldcomp\My Documents\Outlook stuff\Outlook.pst	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
C:\BilalBackup\Oldcomp\PreSpill\Bilal\bkbackup\Downloads\daemon setup.exe	Infected: not-a-virus:WebToolbar.Win32.WhenU.a	1
C:\Program Files\Wolfenstein - Enemy Territory\pb\pbags.dll	Infected: Backdoor.Win32.Psychward.dz	1

Selected area has been scanned.

*OTL* (note, comp didn't restart. I copied + pasted the code exactly)
========== OTL ==========

OTL by OldTimer - Version 3.2.9.1 log created on 07292010_103807


----------



## RPMcMurphy (Apr 27, 2010)

Robocho,








One of the infections identified by Kaspersky is in your Outlook email. Unfortunately Kaspersky is unable to identify which particular email is infected, so delete any emails from anyone you don't know or any that have attachments, such as jokes, videos etc. (don't open them to check). The infected message is in this folder:

```
C:\BilalBackup\Oldcomp\My Documents\Outlook stuff\Outlook.pst
```








Go to *My Computer-> Tools-> Folder Options-> View tab:*


Under the Hidden files and folders heading:
*Select* *- Show hidden files and folders.*
*Uncheck**- Hide protected operating system files * (recommended) option.
Also, make sure there is no checkmark beside * Hide file extensions for known file types. *
 Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan a file:
virscan.org
Virus Total

Click on Browse, and upload the following file for analysis:
*C:\Program Files\Wolfenstein - Enemy Territory\pb\pbags.dll*

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.








Double click on OTL to open it


When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of that file.

*Please include the following in your next post:


OTL log
File analysis results
*


----------



## Robocho (Jul 21, 2010)

Hi Murphy

*File Scan*

VirSCAN.org Scanned Report :
Scanned time : 2010/07/29 22:58:59 (CDT)
Scanner results: 8% Scanner(s) (3/36) found malware!
File Name : pbags.dll
File Size : 57121 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : b38b5b326bf66a23ee7fcca7c0a2ae73
SHA1 : 25b2233ddf252c5d3f834d732bda7bc6eb5a6a82
Online report : http://virscan.org/report/8461433ad94fb46d975596bd7e584152.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.13 20100730031421 2010-07-30 40.09 -
AhnLab V3 2010.07.14.00 2010.07.14 2010-07-14 40.09 -
AntiVir 8.2.4.32 7.10.10.18 2010-07-29 0.27 -
Antiy 2.0.18 20100730.4882903 2010-07-30 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.00 -
Authentium 5.1.1 201007300232 2010-07-30 1.30 -
AVAST! 4.7.4 100729-1 2010-07-29 0.01 -
AVG 8.5.793 271.1.1/3037 2010-07-30 0.34 -
BitDefender 7.90123.6194268 7.33083 2010-07-30 4.23 -
ClamAV 0.96.1 11462 2010-07-30 0.02 -
Comodo 4.0 5584 2010-07-29 40.09 -
CP Secure 1.3.0.5 2010.07.30 2010-07-30 0.07 -
Dr.Web 5.0.2.3300 2010.07.30 2010-07-30 8.88 -
F-Prot 4.4.4.56 20100729 2010-07-29 1.31 -
F-Secure 7.02.73807 2010.07.29.09 2010-07-29 0.17 Backdoor.Win32.Psychward.dz [AVP]
Fortinet 4.1.143 12.193 2010-07-29 40.09 -
GData 21.591/21.221 20100729 2010-07-29 40.09 -
ViRobot 20100729 2010.07.29 2010-07-29 40.09 -
Ikarus T3.1.01.84 2010.07.30.76368 2010-07-30 7.28 -
JiangMin 13.0.900 2010.07.29 2010-07-29 40.09 -
Kaspersky 5.5.10 2010.07.30 2010-07-30 0.08 Backdoor.Win32.Psychward.dz
KingSoft 2009.2.5.15 2010.7.30.7 2010-07-30 40.09 -
McAfee 5400.1158 6058 2010-07-29 17.33 -
Microsoft 1.6004 2010.07.30 2010-07-30 40.09 -
Norman 6.05.11 6.05.00 2010-07-29 6.01 -
Panda 9.05.01 2010.07.25 2010-07-25 40.09 -
Trend Micro 9.120-1004 7.346.04 2010-07-29 0.04 -
Quick Heal 11.00 2010.07.27 2010-07-27 40.09 -
Rising 20.0 22.58.03.04 2010-07-29 40.09 -
Sophos 3.10.0 4.56 2010-07-30 3.58 -
Sunbelt 3.9.2432.2 6660 2010-07-29 40.09 -
Symantec 1.3.0.24 20100729.002 2010-07-29 0.12 -
nProtect 20100728.02 8808013 2010-07-28 40.11 -
The Hacker 6.5.2.1 v00328 2010-07-29 1.24 -
VBA32 3.12.12.7 20100728.1344 2010-07-28 3.35 Backdoor.Win32.Psychward.dz
VirusBuster 4.5.11.10 10.127.32/2003602 2010-07-29 2.98 -

*OTL*
OTL logfile created on: 30/07/2010 12:00:02 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bilal Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 9.69 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 61.08 Gb Total Space | 6.25 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILAL
Current User Name: Bilal Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\PharosSystems\Core\PRNTRACK.DLL (Pharos Systems International)
MOD - C:\WINDOWS\system32\MadCHook.dll (www.madshi.net)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
SRV - (HF30Service) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe ()

========== Driver Services (SafeList) ==========

DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (dsNcAdpt) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\BILALK~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (FLE5WNNT) -- C:\WINDOWS\system32\drivers\fle5wnnt.sys (Data Encryption Systems Limited)
DRV - (FLSVCOM) -- C:\WINDOWS\system32\drivers\flsvcom.sys (Data Encryption Systems Limited)
DRV - (FLSPAR) -- C:\WINDOWS\system32\drivers\flspar.sys (Data Encryption Systems Limited)
DRV - (FLSIFACE) -- C:\WINDOWS\system32\drivers\flsiface.sys (Data Encryption Systems Limited)
DRV - (FLSSER) -- C:\WINDOWS\system32\drivers\flsser.sys (Data Encryption Systems Limited)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HF30Sys) -- C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30XP.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=15187&l=dis"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 00:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/21 02:35:41 | 000,000,000 | ---D | M]

[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions
[2009/09/11 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Extensions\[email protected]
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions
[2010/01/24 20:27:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/20 15:58:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 01:33:25 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009/01/02 02:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2010/01/24 20:26:57 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/24 20:27:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\extensions\[email protected]
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Mozilla\Firefox\Profiles\x3f1sgpb.default\searchplugins\askcom.xml
[2010/07/25 14:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/24 15:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 15:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 15:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 15:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/22 23:48:15 | 000,413,985 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230796993109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/01 02:25:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 21:02:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/28 17:19:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/27 13:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDubMod
[2010/07/23 02:30:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/21 23:13:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/21 19:36:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/21 19:36:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/21 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 15:29:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/21 15:21:42 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Bilal Khan\Desktop\remover.exe
[2010/07/21 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\HELP
[2010/07/21 02:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/21 02:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/21 02:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
[2010/07/21 02:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/20 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/20 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/20 16:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 16:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/15 16:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Job Search
[2010/07/14 00:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Temp
[2010/07/13 12:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\SUPERAntiSpyware.com
[2010/07/13 12:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 00:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
[2010/07/12 19:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/12 19:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/12 19:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2010/07/12 19:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/07/12 19:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Softonic-Eng7
[2010/07/12 00:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\Launch
[2010/07/08 02:54:58 | 000,000,000 | ---D | C] -- C:\Spartacus Blood and Sand Season 1
[2010/07/06 14:20:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\My Dropbox
[2010/07/06 14:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/06 00:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\BB
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/07/06 00:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Roxio
[2010/07/04 12:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/07/04 01:39:52 | 000,000,000 | ---D | C] -- C:\Spartacus.Blood.and.Sand.S01E01-02-03.HDTV.XviD DivXNL-Team (nl subs)
[2010/07/03 22:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/07/03 22:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/07/03 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/07/03 22:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/07/03 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/03 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/07/03 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/07/03 21:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/07/03 15:52:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/07/02 11:18:08 | 000,000,000 | ---D | C] -- C:\BB
[2010/06/25 19:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/06/25 19:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2010/06/25 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/06/24 09:27:22 | 000,055,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 17:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/17 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/12 01:09:17 | 000,000,000 | ---D | C] -- C:\My Family
[2010/06/11 23:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\Content
[2010/06/11 20:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\_
[2010/06/11 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2010/06/11 19:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GameTuts
[2010/06/10 01:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\The KMPlayer
[2010/06/10 01:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\Conduit
[2010/06/10 01:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/18 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\My Documents\vdub
[2010/05/10 16:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bilal Khan\Desktop\ResumeCards

========== Files - Modified Within 90 Days ==========

[2010/07/30 00:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/29 23:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004UA.job
[2010/07/29 21:21:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-688789844-725345543-1004Core.job
[2010/07/28 21:04:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 21:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 21:03:29 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.dat
[2010/07/28 21:03:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bilal Khan\ntuser.ini
[2010/07/28 17:19:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bilal Khan\Desktop\OTL.exe
[2010/07/28 11:12:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/28 01:14:40 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 00:22:07 | 000,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/28 00:22:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/28 00:22:07 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 23:38:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/27 16:36:16 | 002,153,042 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\IconCache.db
[2010/07/27 16:27:41 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/07/26 21:21:58 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Google Chrome.lnk
[2010/07/26 21:21:58 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/22 23:48:15 | 000,413,985 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/21 17:13:16 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-234815.backup
[2010/07/21 15:36:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/21 15:07:18 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:20 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:18 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 13:54:06 | 000,578,740 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 13:54:06 | 000,481,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 13:54:06 | 000,086,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 02:17:34 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 23:06:55 | 000,013,055 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/14 13:04:22 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Application Data\winscp.rnd
[2010/07/13 12:21:28 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 17:33:30 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/06 14:20:26 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 22:47:07 | 000,033,691 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:44 | 000,031,440 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:45:54 | 000,029,593 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/05 17:38:06 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/04 13:29:53 | 000,213,485 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:29:42 | 002,195,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 01:07:38 | 000,088,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/03 21:56:23 | 000,009,810 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:34 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/03 12:57:19 | 000,006,508 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 00:58:57 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 21:36:15 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010/06/17 18:00:53 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:33:07 | 002,467,535 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/09 10:25:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 12:58:02 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 12:52:15 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 11:36:45 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:28 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:43:57 | 040,283,782 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 20:03:42 | 000,008,726 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/11 22:19:35 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/11 21:59:35 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/11 21:59:35 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:05 | 000,032,506 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:51 | 000,015,221 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:18 | 000,013,324 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:39 | 000,011,015 | ---- | M] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx

========== Files Created - No Company Name ==========

[2010/07/21 17:13:16 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\mbam-clean.exe
[2010/07/21 15:29:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/21 15:29:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/21 15:07:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\defogger_reenable
[2010/07/21 14:13:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Defogger.exe
[2010/07/21 14:13:17 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\RKUnhookerLE.EXE
[2010/07/21 14:13:13 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\bootkit_remover.rar
[2010/07/21 09:08:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\dds (1).scr
[2010/07/21 02:17:34 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\fixme.bat
[2010/07/21 02:03:08 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin Force.lnk
[2010/07/21 02:03:08 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\NodLogin normal.lnk
[2010/07/18 23:07:02 | 000,013,054 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed_v2.xlsx
[2010/07/18 22:38:55 | 000,013,055 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\numbers_fixed.xlsx
[2010/07/18 22:36:00 | 000,009,482 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\stupid.xlsx
[2010/07/13 12:21:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/12 15:04:13 | 000,430,780 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PackingInstructions_US_UPS.pdf
[2010/07/12 14:17:34 | 000,462,716 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\PICT0006.jpg
[2010/07/07 12:19:30 | 000,014,042 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards Info_Bilal Khan.docx
[2010/07/06 14:20:26 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Dropbox.lnk
[2010/07/05 23:27:14 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v3.xls
[2010/07/05 22:47:07 | 000,033,691 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v2.xlsx
[2010/07/05 18:03:43 | 000,031,440 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Conference Feedback_v1.xlsx
[2010/07/05 18:03:30 | 000,031,439 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_v1.xlsx
[2010/07/05 17:46:05 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback_consolidated.xlsx
[2010/07/05 17:31:00 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Application Data\BBMS_EXCEPTION.txt
[2010/07/04 15:03:41 | 000,029,593 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Feedback.xlsx
[2010/07/04 13:29:53 | 000,213,485 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LoaderBackup-(2010-07-04).ipd
[2010/07/04 12:57:53 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/04 12:47:27 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\pool.bin
[2010/07/03 21:56:19 | 000,009,810 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\whereismymoney.xlsx
[2010/07/03 21:34:32 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2_v2.xls
[2010/07/02 00:29:31 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\LIVE 2009 Finance Summary_July2.xls
[2010/07/01 21:22:57 | 000,011,789 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Selling a Samsung HT.docx
[2010/07/01 17:01:09 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\afeae.doc
[2010/06/25 19:55:40 | 000,001,770 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\Default.rdp
[2010/06/17 18:00:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 01:32:00 | 002,467,535 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SoftonicToolbar.exe
[2010/06/07 13:00:21 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\AutoRecovery save of ResumeCards_PeggyMeeting.asd
[2010/06/07 12:58:02 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_MgmtCoop.doc
[2010/06/07 11:36:45 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\~$sumeCards_PeggyMeeting.doc
[2010/06/07 11:36:06 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\ResumeCards_PeggyMeeting.doc
[2010/06/07 00:21:50 | 000,015,708 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\SteadyPro.png
[2010/06/04 01:42:44 | 000,227,787 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\cbm.mp3
[2010/06/03 11:36:00 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\print.doc
[2010/06/02 17:47:01 | 000,058,936 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\120px-SitRepPro.png
[2010/06/02 17:45:44 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\blank.gif
[2010/05/27 13:03:00 | 000,315,541 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\JudgingMarkingTemplate_V12.xlsx
[2010/05/23 20:50:27 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\map.doc
[2010/05/20 18:52:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\My Computer.lnk
[2010/05/18 17:42:57 | 040,283,782 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\173256.avi
[2010/05/15 00:04:06 | 000,008,726 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\mw2.xlsx
[2010/05/12 14:39:42 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume_MRG.asd
[2010/05/12 14:39:42 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - KPMG Resume.asd
[2010/05/12 14:39:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\AutoRecovery save of Bilal Khan - Resume.asd
[2010/05/09 22:33:04 | 000,012,908 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Pitch Questions_v1.docx
[2010/05/09 22:01:00 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\My Documents\LIVE 2009 Reimbursement Form.xls
[2010/05/09 16:38:04 | 000,032,506 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\live_conference_2009.jpg
[2010/05/08 14:57:50 | 000,015,221 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK1.docx
[2010/05/08 14:57:05 | 000,013,619 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit_PK.docx
[2010/05/08 13:59:17 | 000,013,324 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft_JS_BKEdit.docx
[2010/05/03 14:30:38 | 000,011,015 | ---- | C] () -- C:\Documents and Settings\Bilal Khan\Desktop\Blurb_Draft.docx
[2009/11/01 04:00:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 10:29:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\cchtxhlp.ini
[2009/04/20 23:17:59 | 000,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/31 16:00:53 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2009/03/31 16:00:53 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2009/03/31 16:00:53 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2009/03/31 16:00:53 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2009/03/31 16:00:53 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2009/03/31 16:00:53 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2009/03/31 16:00:53 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2009/03/31 16:00:53 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2009/03/31 16:00:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2009/03/31 16:00:53 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2009/03/31 16:00:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2009/03/31 16:00:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2009/03/31 16:00:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2009/03/31 16:00:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2009/03/31 16:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2009/03/31 16:00:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2009/03/31 16:00:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2009/03/17 03:02:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/13 18:21:30 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\DKU5INST.DLL
[2009/03/13 18:21:26 | 000,003,919 | ---- | C] () -- C:\WINDOWS\System32\flsinst.ini
[2009/03/13 18:21:25 | 001,306,624 | ---- | C] () -- C:\WINDOWS\System32\FLSINST.DLL
[2009/01/01 03:04:29 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/01 03:04:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/01 02:54:34 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/01/01 02:54:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/01/01 02:54:34 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/22 02:24:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[1995/08/07 18:53:00 | 000,463,904 | ---- | C] () -- C:\WINDOWS\System32\owl253f.dll

========== LOP Check ==========

[2009/09/27 20:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/07/21 02:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/25 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/08 12:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/03/21 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/03 22:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/01/17 12:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/12/07 04:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2009/01/01 14:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/27 20:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/06/17 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/01 14:44:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/08 15:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/20 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\37A82797032C8C19904CEB823E7D6F16
[2010/07/09 02:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\abgx360
[2009/12/18 22:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Any Video Converter
[2009/02/23 17:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/06 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DC++
[2010/04/13 20:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\DocumentsToGoDesktop
[2010/07/27 23:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Dropbox
[2010/07/21 02:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ESET
[2010/07/27 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\foobar2000
[2010/06/11 20:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GameTuts
[2009/12/15 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\GetRightToGo
[2009/04/05 10:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\iambic
[2009/02/03 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\ImgBurn
[2009/08/31 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\InternetCalls
[2010/06/25 21:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Juniper Networks
[2009/10/05 02:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\LimeWire
[2009/03/12 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\MSNInstaller
[2009/04/04 07:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Octoshape
[2009/01/03 19:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Open Source Applications Foundation
[2009/12/04 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Opera
[2009/01/03 19:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Python-Eggs
[2010/01/13 02:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Red Kawa
[2010/07/05 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Research In Motion
[2010/05/11 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\SystemRequirementsLab
[2009/11/30 20:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\tmp
[2009/01/01 14:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\TuneUp Software
[2010/07/08 11:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\uTorrent
[2009/08/31 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Voipwise
[2009/01/01 00:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx
[2009/11/30 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\VoxOx2
[2009/01/02 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Desktop Search
[2009/01/01 04:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Windows Search
[2010/04/08 13:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bilal Khan\Application Data\Wireshark
[2010/07/30 00:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========

< End of report >


----------



## RPMcMurphy (Apr 27, 2010)

That looks pretty good. How is it running now?


----------



## Robocho (Jul 21, 2010)

It's been running fine since I ran the FIXMBR and your suggestions. I'll be going camping this weekend so we'll know when I get back how things are. Right now things seem OK, but it was the same as before. 

I'll give you an update on Monday. Thanks for everything so far Murphy.


----------



## RPMcMurphy (Apr 27, 2010)

OK, let's go ahead and clean up a bit though:








Uninstall ComboFix


 Press the *Windows key + R* on your keyboard or click *Start -> Run*. Copy and past the following text into the run box that opens and press *OK*:
*Combofix /Uninstall*

















Clean up with *OTL:*


Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.
Manually delete any remaining logs or tools.


----------

