How to remove StopZilla properly?

Jimmy Bottlehead · 2009-09-27 15:35:29

Hey all. Girlfriends laptop has StopZilla on it, and she can't remove it. Google told me its a pain in the hoop to remove, so I'm here to ask how to do so step by step, if anyone can help? Just what programs to download, and what to do? I worry about messing up with the registry bit. Thanks so much, JB

#2 27-09-2009 05:06PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

hi

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\System32\antiwpa.dll
%systemroot%\SYSTEM32\wpa.dll
%systemroot%\setup\scripts\biestart.exe
%systemroot%\system32\drivers\royal.sys
%systemroot%\system32\oobe\AntiWPA_Crypt.dll
%TEMP%\antiwpa_crypt.dll
%TEMP%\antiwpa.dll /s
%PROGRAMFILES%\antiwpa.dll /s
%systemroot%\system32\crypt.dll
%TEMP%\crypt.dll
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%systemroot%\system32\drivers\*.dat
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.exe
%DESKTOP%\*.exe
%USERNAME%\*.exe
%USERPROFILE%\*.exe
%ALLUSERSPROFILE%\*.exe
%SYSTEMDRIVE%\*.exe
%SYSTEMROOT%\*.exe
%systemroot%\system32\drivers\*.exe
%systemroot%\system\*.exe
%systemroot%\AppPatch\*.exe
%systemroot%\Cache\*.exe
%systemroot%\Downloaded Program Files\*.exe
%systemroot%\Fonts\*.exe
%systemroot%\Help\*.exe
%APPDATA%\*.exe
%APPDATA%\Google\*.exe
%systemroot%\system32\inf\*.exe
%APPDATA%\Opera\Opera\profile\widgets\*.exe
%PROGRAMFILES%\Opera\program\plugins\*.exe
%APPDATA%\Opera\Opera\profile\toolbar\*.exe
%systemroot%\Web\*.exe
%systemroot%\Wbem\*.exe
%systemroot%\twain_32\*.exe
%systemroot%\WinSxS\*.exe
%systemroot%\Sun\*.exe
%systemroot%\srchasst\*.exe
%systemroot%\Shellnew\*.exe
%systemroot%\Security\*.exe
%systemroot%\Resources\*.exe
%systemroot%\Repair\*.exe
%systemroot%\Registration\*.exe
%systemroot%\RegisteredPackages\*.exe
%systemroot%\pss\*.exe
%systemroot%\Provisioning\*.exe
%systemroot%\PIF\*.exe
%systemroot%\PeerNet\*.exe
%systemroot%\PcTel\*.exe
%systemroot%\Offline Web Pages\*.exe
%systemroot%\network diagnostic\*.exe
%systemroot%\mui\*.exe
%systemroot%\msapps\*.exe
%systemroot%\msagent\*.exe
%systemroot%\minidump\*.exe
%systemroot%\media\*.exe
%systemroot%\Help\*.exe
%systemroot%\ie7\*.exe
%systemroot%\ie7updates\*.exe
%systemroot%\ime\*.exe
%systemroot%\installer\*.exe
%systemroot%\internet logs\*.exe
%systemroot%\Cursors\*.exe
%systemroot%\Config\*.exe
%systemroot%\internet logs\*.exe
%systemroot%\Assembly\*.exe
%systemroot%\internet logs\*.exe
%systemroot%\AppPatch\*.exe
%systemroot%\l2schemas\*.exe
%systemroot%\Debug\*.exe
%systemroot%\ehome\*.exe
%systemroot%\Connection Wizard\*.exe
%systemroot%\system32\1025\*.exe
%systemroot%\system32\1028\*.exe
%systemroot%\system32\1031\*.exe
%systemroot%\system32\1033\*.exe
%systemroot%\system32\1037\*.exe
%systemroot%\system32\1041\*.exe
%systemroot%\system32\1042\*.exe
%systemroot%\system32\1054\*.exe
%systemroot%\system32\2052\*.exe
%systemroot%\system32\3076\*.exe
%systemroot%\system32\appmgmt\*.exe
%systemroot%\system32\bits\*.exe
%systemroot%\system32\catroot\*.exe
%systemroot%\system32\catroot2\*.exe
%systemroot%\system32\com\*.exe
%systemroot%\system32\config\*.exe
%systemroot%\system32\dhcp\*.exe
%systemroot%\system32\DirectX\*.exe
%systemroot%\system32\drvstore\*.exe
%systemroot%\system32\en\*.exe
%systemroot%\system32\en-us\*.exe
%systemroot%\system32\export\*.exe
%systemroot%\system32\GroupPolicy\*.exe
%systemroot%\system32\ias\*.exe
%systemroot%\system32\icsxml\*.exe
%systemroot%\system32\ime\*.exe
%systemroot%\system32\inetsrv\*.exe
%systemroot%\system32\LogFiles\*.exe
%systemroot%\system32\Macromed\*.exe
%systemroot%\system32\Microsoft\*.exe
%systemroot%\system32\Msdtc\*.exe
%systemroot%\system32\Mui\*.exe
%systemroot%\system32\npp\*.exe
%systemroot%\system32\NtMsData\*.exe
%systemroot%\system32\oobe\*.exe
%systemroot%\system32\PreInstall\*.exe
%systemroot%\system32\ras\*.exe
%systemroot%\system32\ReInstallBackups\*.exe
%systemroot%\system32\Restore\*.exe
%systemroot%\system32\Scripting\*.exe
%systemroot%\system32\Setup\*.exe
%systemroot%\system32\ShellExt\*.exe
%systemroot%\system32\SoftwareDistribution\*.exe
%systemroot%\system32\URTTEmp\*.exe
%systemroot%\system32\USMT\*.exe
%systemroot%\system32\Wbem\*.exe
%systemroot%\system32\Wins\*.exe
%systemroot%\system32\Xircom\*.exe
%systemroot%\system32\XPSViewer\*.exe
%COMMONPROGRAMFILES%\*.exe
%APPDATA%\*.*
%TEMP%\*.*
set /c
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

0

#3 27-09-2009 09:49PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

OTL logfile created on: 27/09/2009 22:32:50 - Run 1
OTL by OldTimer - Version 3.0.15.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 383.76 Mb Available Physical Memory | 37.93% Memory free
2.37 Gb Paging File | 1.98 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 132.02 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive

| 955.23 Mb Total Space | 940.52 Mb Free Space | 98.46% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\Documents and Settings\Sam\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Sam\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GtDetectSc [Auto | Running]) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DKbFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (GT72NDISIPXP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV - (GT72UBUS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys (Option N.V.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (int15.sys [On_Demand | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys ()
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 18:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 18:09:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/25 15:37:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 07:55:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 07:55:50 | 00,000,000 | ---D | M]

[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions
[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/11 16:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions
[2009/07/02 18:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/03 17:11:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 07:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/17 07:55:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/17 07:55:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 20:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/24 20:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 20:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/17 07:55:46 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/24 20:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/01 08:48:59 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/01 08:48:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/26 18:15:58 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/01 08:48:59 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/01 08:48:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/01 08:48:59 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/01 08:48:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/01 08:48:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/01 08:48:59 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 126 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 18:37:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/09/27 22:28:25 | 00,516,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2008/08/15 21:37:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/15 18:37:42 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/08/15 11:30:44 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/31 03:37:26 | 00,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 09:12:30 | 00,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/15 04:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 06:21:56 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 07:59:46 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 08:16:40 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2007/04/02 05:40:54 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 00:55:32 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2005/03/28 23:45:26 | 00,000,159 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 10:57:26 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 10:57:26 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 10:57:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 10:57:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 10:57:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 10:57:24 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/09/27 22:43:35 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
[2009/09/27 22:23:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 22:23:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 22:23:27 | 10,611,05664 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/27 22:19:22 | 00,516,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/09/27 13:04:02 | 41,842,542 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/27 01:54:49 | 03,735,610 | -H-- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\IconCache.db
[2009/09/26 12:03:43 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/22 22:34:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/10 16:47:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/06/26 18:14:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/19 08:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/08/02 20:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/03/30 18:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2009/05/15 13:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/27 22:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/06/05 15:43:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sam\Application Data
[2009/05/05 21:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR
[2009/05/27 16:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Template
[2008/04/15 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/27 22:23:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/27 22:43:35 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/09/27 22:28:25 | 00,000,000 | ---D | M] -- C:
[2009/09/15 17:10:11 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2009/06/06 12:33:37 | 00,000,000 | ---D | M] -- C:\09ee6281fd797505c36b
[2009/03/31 09:07:03 | 00,000,000 | ---D | M] -- C:\Acer
[2008/12/19 08:38:36 | 00,000,000 | ---D | M] -- C:\Book
[2009/07/31 08:04:08 | 00,000,000 | -HSD | M] -- C:\Config.Msi
[2009/05/06 23:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2009/08/23 23:37:12 | 00,000,000 | ---D | M] -- C:\FSDownloader
[2009/06/06 12:33:12 | 00,000,000 | ---D | M] -- C:\I386
[2008/12/19 08:39:39 | 00,000,000 | ---D | M] -- C:\Intel
[2008/12/19 08:39:39 | 00,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/23 11:44:08 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/05 23:24:30 | 00,000,000 | ---D | M] -- C:\RECYCLER
[2008/12/19 08:41:36 | 00,000,000 | ---D | M] -- C:\Sysinfo
[2009/03/31 08:46:22 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2008/12/19 08:41:36 | 00,000,000 | ---D | M] -- C:\temp
[2008/12/19 08:41:38 | 00,000,000 | ---D | M] -- C:\VALUEADD
[2009/09/10 18:02:22 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2008/08/15 18:37:44 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/31 08:46:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/08/15 18:37:44 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/27 22:23:27 | 10,611,05664 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/15 18:37:44 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/15 18:37:44 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 04:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/15 04:00:00 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/27 22:23:26 | 15,854,46912 | -HS- | M] () -- C:\pagefile.sys
[2008/08/15 21:42:52 | 00,000,080 | ---- | M] () -- C:\Preload.aaa
[2008/08/15 18:57:08 | 00,000,542 | ---- | M] () -- C:\RHDSetup.log
[1999/11/11 08:17:54 | 00,000,049 | ---- | M] () -- C:\XPH.TAG

< %PROGRAMFILES%\*. >
[2009/07/23 11:44:08 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/03/31 08:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/03/31 08:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\Acer Incorporated
[2008/12/19 08:40:02 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/19 08:40:14 | 00,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/03/30 19:02:40 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/06/08 18:33:10 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/08/15 18:35:26 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/04/03 18:57:58 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/03/31 18:45:17 | 00,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/06/08 18:32:01 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/03/31 09:01:50 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/12/19 08:40:31 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/07/31 08:05:31 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/12/19 08:40:34 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/03/31 08:53:57 | 00,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2009/06/08 18:32:48 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/04/03 20:26:10 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/30 19:06:24 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/12/19 08:40:45 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/12/19 08:41:06 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/12/19 08:41:08 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2009/06/11 08:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/12/19 08:41:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/03/31 18:45:20 | 00,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/19 08:41:27 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/09/27 16:31:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/06/06 12:35:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/19 08:41:27 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/12/19 08:41:28 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/04/03 20:10:41 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/12/19 08:41:29 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/12/19 08:41:29 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/31 08:59:51 | 00,000,000 | ---D | M] -- C:\Program Files\Option
[2009/08/13 09:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/12/19 08:41:31 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/06/06 12:34:20 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/31 18:45:19 | 00,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/04/21 21:58:15 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/21 21:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2008/12/19 08:41:34 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/03/31 18:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/08/15 18:43:32 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/03/30 19:06:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/30 19:05:30 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/23 11:44:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/23 11:44:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/19 08:41:36 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/08/15 18:36:12 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/05 23:34:00 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/12/19 08:41:36 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %systemroot%\system32\drivers\*.dat >
[2005/06/26 22:29:50 | 00,000,520 | ---- | M] () -- C:\WINDOWS\system32\drivers\RTEQEX0.dat
[2005/06/26 22:29:28 | 00,000,520 | ---- | M] () -- C:\WINDOWS\system32\drivers\RTEQEX1.dat
[2007/07/13 07:11:56 | 00,000,008 | ---- | M] () -- C:\WINDOWS\system32\drivers\rtkhdaud.dat
[2008/06/06 15:08:56 | 00,000,164 | ---- | M] () -- C:\WINDOWS\system32\drivers\SamSfPa.dat

0

#4 27-09-2009 09:51PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

< %PROGRAMFILES%\*.* >

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: DESKTOP

< %USERNAME%\*.exe >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMROOT%\*.exe >
[2006/03/16 21:56:22 | 00,524,288 | ---- | M] (Acer Inc.) -- C:\WINDOWS\Alaunch.exe
[2005/05/03 11:43:00 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2006/05/04 09:26:00 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2002/05/25 00:34:46 | 00,032,768 | ---- | M] () -- C:\WINDOWS\AMove.exe
[2002/05/31 22:24:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\WINDOWS\APanel.exe
[2008/04/15 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/15 04:00:00 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2008/08/15 18:56:16 | 00,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2007/06/28 09:44:00 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2008/04/15 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2007/07/05 12:35:54 | 00,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
[2008/04/15 04:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2008/05/16 07:39:00 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2007/03/23 12:19:00 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2008/04/02 02:27:00 | 01,196,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2007/11/20 11:15:00 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2006/07/21 09:14:00 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2008/04/15 04:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2008/04/15 04:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2008/04/15 04:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2007/12/03 08:11:56 | 00,207,368 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2008/04/15 04:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2008/04/15 04:00:00 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\Cache\*.exe >

< %systemroot%\Downloaded Program Files\*.exe >

< %systemroot%\Fonts\*.exe >

< %systemroot%\Help\*.exe >

< %APPDATA%\*.exe >

< %APPDATA%\Google\*.exe >

< %systemroot%\system32\inf\*.exe >

< %APPDATA%\Opera\Opera\profile\widgets\*.exe >

< %PROGRAMFILES%\Opera\program\plugins\*.exe >

< %APPDATA%\Opera\Opera\profile\toolbar\*.exe >

< %systemroot%\Web\*.exe >

< %systemroot%\Wbem\*.exe >

< %systemroot%\twain_32\*.exe >

< %systemroot%\WinSxS\*.exe >

< %systemroot%\Sun\*.exe >

< %systemroot%\srchasst\*.exe >

< %systemroot%\Shellnew\*.exe >

< %systemroot%\Security\*.exe >

< %systemroot%\Resources\*.exe >

< %systemroot%\Repair\*.exe >

< %systemroot%\Registration\*.exe >

< %systemroot%\RegisteredPackages\*.exe >

< %systemroot%\pss\*.exe >

< %systemroot%\Provisioning\*.exe >

< %systemroot%\PIF\*.exe >

< %systemroot%\PeerNet\*.exe >

< %systemroot%\PcTel\*.exe >

< %systemroot%\Offline Web Pages\*.exe >

< %systemroot%\network diagnostic\*.exe >
[2008/04/15 04:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\network diagnostic\xpnetdiag.exe

< %systemroot%\mui\*.exe >

< %systemroot%\msapps\*.exe >

< %systemroot%\msagent\*.exe >
[2008/04/15 04:00:00 | 00,256,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\msagent\agentsvr.exe

< %systemroot%\minidump\*.exe >

< %systemroot%\media\*.exe >

< %systemroot%\Help\*.exe >

< %systemroot%\ie7\*.exe >
[2008/04/15 04:00:00 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ie7\ie4uinit.exe
[2008/04/15 04:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ie7\iedw.exe
[2008/04/15 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ie7\iexplore.exe
[2008/04/15 04:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ie7\mshta.exe

< %systemroot%\ie7updates\*.exe >

< %systemroot%\ime\*.exe >

< %systemroot%\installer\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Cursors\*.exe >

< %systemroot%\Config\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Assembly\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\l2schemas\*.exe >

< %systemroot%\Debug\*.exe >

< %systemroot%\ehome\*.exe >

< %systemroot%\Connection Wizard\*.exe >

< %systemroot%\system32\1025\*.exe >

< %systemroot%\system32\1028\*.exe >

< %systemroot%\system32\1031\*.exe >

< %systemroot%\system32\1033\*.exe >

< %systemroot%\system32\1037\*.exe >

< %systemroot%\system32\1041\*.exe >

< %systemroot%\system32\1042\*.exe >

< %systemroot%\system32\1054\*.exe >

< %systemroot%\system32\2052\*.exe >

< %systemroot%\system32\3076\*.exe >

< %systemroot%\system32\appmgmt\*.exe >

< %systemroot%\system32\bits\*.exe >

< %systemroot%\system32\catroot\*.exe >

< %systemroot%\system32\catroot2\*.exe >

< %systemroot%\system32\com\*.exe >
[2008/04/15 04:00:00 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrepl.exe
[2008/04/15 04:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrereg.exe

< %systemroot%\system32\config\*.exe >

< %systemroot%\system32\dhcp\*.exe >

< %systemroot%\system32\DirectX\*.exe >

< %systemroot%\system32\drvstore\*.exe >

< %systemroot%\system32\en\*.exe >

< %systemroot%\system32\en-us\*.exe >

< %systemroot%\system32\export\*.exe >

< %systemroot%\system32\GroupPolicy\*.exe >

< %systemroot%\system32\ias\*.exe >

< %systemroot%\system32\icsxml\*.exe >

< %systemroot%\system32\ime\*.exe >

< %systemroot%\system32\inetsrv\*.exe >

< %systemroot%\system32\LogFiles\*.exe >

< %systemroot%\system32\Macromed\*.exe >

< %systemroot%\system32\Microsoft\*.exe >

< %systemroot%\system32\Msdtc\*.exe >

< %systemroot%\system32\Mui\*.exe >

< %systemroot%\system32\npp\*.exe >
[2008/04/15 04:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\npp\nppagent.exe

< %systemroot%\system32\NtMsData\*.exe >

< %systemroot%\system32\oobe\*.exe >
[2008/04/15 04:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\msoobe.exe
[2008/04/15 04:00:00 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\oobebaln.exe

< %systemroot%\system32\PreInstall\*.exe >

< %systemroot%\system32\ras\*.exe >

< %systemroot%\system32\ReInstallBackups\*.exe >

< %systemroot%\system32\Restore\*.exe >
[2008/04/15 04:00:00 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\rstrui.exe
[2008/04/15 04:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\srdiag.exe

< %systemroot%\system32\Scripting\*.exe >

< %systemroot%\system32\Setup\*.exe >

< %systemroot%\system32\ShellExt\*.exe >

< %systemroot%\system32\SoftwareDistribution\*.exe >

< %systemroot%\system32\URTTEmp\*.exe >
[2003/02/21 13:16:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\URTTEmp\regtlib.exe

< %systemroot%\system32\USMT\*.exe >
[2008/04/15 04:00:00 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migload.exe
[2008/04/15 04:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiz.exe
[2008/04/15 04:00:00 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiza.exe

< %systemroot%\system32\Wbem\*.exe >
[2008/04/15 04:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\mofcomp.exe
[2008/04/15 04:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\scrcons.exe
[2008/04/15 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\unsecapp.exe
[2008/04/15 04:00:00 | 00,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wbemtest.exe
[2008/04/15 04:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\winmgmt.exe
[2008/04/15 04:00:00 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiadap.exe
[2008/04/15 04:00:00 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiapsrv.exe
[2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiprvse.exe

< %systemroot%\system32\Wins\*.exe >

< %systemroot%\system32\Xircom\*.exe >

< %systemroot%\system32\XPSViewer\*.exe >
[2008/07/29 21:26:06 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\XPSViewer\XPSViewer.exe

< %COMMONPROGRAMFILES%\*.exe >

< %APPDATA%\*.* >
[2008/08/15 11:30:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Sam\Application Data\desktop.ini
[2009/06/05 15:43:59 | 00,000,114 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\wklnhst.dat

< %TEMP%\*.* >
[2009/04/24 23:13:42 | 00,074,075 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\011e079d-c93e-47d2-b678-fdf0e9d67547.rsf
[2009/04/24 23:13:39 | 00,042,894 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\02319396-b644-4945-9152-9ca44c3913c7.rsf
[2008/10/23 10:47:34 | 00,315,264 | ---- | M] (McAfee, Inc.) -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0262121238769919mcinst.exe
[2009/04/21 18:37:54 | 00,083,113 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\04127ed5-84e3-490c-8835-fe79a2dee7bb.rsf
[2009/04/24 23:13:35 | 00,075,538 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\06280ff8-cfdf-40a0-9b4a-f51a1db13a02.rsf
[2009/04/04 11:14:11 | 00,006,233 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0822dc67-4548-487c-8910-2db5c0119e6b.rsf
[2009/07/12 12:45:56 | 00,133,793 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\092cc3cb-68b7-41b4-adad-aef9b71e8eb0.rsf
[2009/05/24 21:15:20 | 00,034,585 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0af11973-0380-4be1-ab9f-7e0acf2e406b.rsf
[2009/04/04 11:14:21 | 00,004,964 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0b0d13ee-6e03-4743-a037-41b2b9f2153b.rsf
[2009/05/30 11:14:11 | 00,045,734 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0b10be2d-96c5-402c-8964-5e3e97fb420b.rsf
[2009/04/04 11:14:28 | 00,075,538 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0b124baa-1f48-4550-90ee-dac067285126.rsf
[2009/04/24 23:13:30 | 00,013,146 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0c0a6793-cb0c-4a7a-9fb1-8fdb962d2b3c.rsf
[2009/04/24 23:13:32 | 00,041,458 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0c1c9391-8152-4275-9c87-c67b95705107.rsf
[2009/04/24 23:13:27 | 00,006,233 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0c3ae0f7-f35c-4293-9a86-c72c519cdad3.rsf
[2009/08/04 22:09:59 | 00,039,664 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0d4c953b-601f-4035-9299-c5bd12f6d25c.rsf
[2009/04/01 08:15:47 | 00,014,480 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0fa14e99-2872-4dab-b083-33b65b436d95.rsf
[2009/04/04 11:14:22 | 00,041,458 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\0ff22786-25d6-4708-98d9-4a8ece39f468.rsf
[2009/04/29 15:07:12 | 00,094,108 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\112137d3-50a8-4c73-8640-86f0ada0bc33.rsf
[2009/04/24 23:13:28 | 00,041,811 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\13edc85e-f8fc-4fc8-85c2-f774f5d75463.rsf
[2009/04/24 23:13:27 | 03,103,911 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\14587f70-0174-45b7-9c2a-ba42c52be6b6.rsf
[2009/04/04 11:14:19 | 00,013,842 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\147b6198-00de-40c7-8d5d-e11be235cd58.rsf
[2009/04/04 11:14:31 | 00,001,906 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\16aef6e8-a712-4f64-9203-310cb0d0c69b.rsf
[2009/04/24 23:13:29 | 00,089,479 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\16b75a4f-b3be-4d82-9573-813c6b848a07.rsf
[2009/05/04 20:14:45 | 00,009,238 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\18cd6883-bbe8-42dd-a3ed-edef5663df47.rsf
[2009/04/24 23:13:36 | 00,052,103 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\1b2ebe2b-2baa-4e27-b541-eb09a5b00cdb.rsf
[2009/05/24 21:15:19 | 00,032,349 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\1c5af9da-ede5-4ebe-a2cd-ba61388f9331.rsf
[2009/04/24 23:13:37 | 00,045,720 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\1d31fb27-8e10-41d6-9752-77194ba4066a.rsf
[2009/05/28 22:43:54 | 00,003,237 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\1ec22e78-daa9-438c-bb1f-e663bba8c1f7.rsf
[2009/04/24 23:13:35 | 00,082,750 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\1f26a948-ad4d-4ebf-b322-df48ed9dc4c4.rsf
[2009/05/28 22:43:54 | 00,041,703 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\22ead49d-4ea5-4cbb-b42f-0b0f94d17843.rsf
[2009/04/24 23:13:39 | 00,037,046 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\2afcb35d-ff9f-412d-8f7a-726cadaa7676.rsf
[2009/04/24 23:13:38 | 00,004,726 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\2ddaf6a0-38fa-47c8-aea1-cf3d560690c1.rsf
[2009/04/04 11:14:18 | 00,013,146 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\2e9e4a4a-5c83-404e-9f8a-c2dfe4532532.rsf
[2009/04/24 23:13:43 | 00,063,371 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\2efca6f8-4d65-46f4-948a-c9924d46142c.rsf
[2009/04/24 23:13:30 | 00,015,616 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\30664c19-770a-417a-9fe7-8e69370bb864.rsf
[2009/04/04 11:14:21 | 00,007,530 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\3b2e260d-e5e0-4b85-9ca8-7e6fc08ac7a0.rsf
[2009/04/24 23:13:33 | 00,088,894 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\41d8fa1e-ca04-4f43-b5f0-e33a3c907aa3.rsf
[2009/03/30 18:40:54 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\43c094ca-7ea2-4ed0-a5e5-ff7db13b999a.rsf
[2009/04/24 23:13:32 | 00,035,046 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\4531cc08-f08d-4546-885e-e9bc28f9ec3e.rsf
[2009/04/24 23:13:27 | 00,023,814 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\472f82e2-c130-4b55-8759-e64c19a53f7b.rsf
[2009/06/08 17:16:22 | 03,273,057 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\479d9f5f-c6fd-4255-8150-51d9e2011401.rsf
[2009/04/04 11:14:30 | 00,082,750 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\485a54e4-2094-4f2a-baf2-acc9caa216a7.rsf
[2009/04/24 23:13:38 | 00,061,876 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\4c730a63-6c4b-4f1a-a37d-e7ddcd5f8f5c.rsf
[2009/05/05 22:04:17 | 00,079,368 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\4dba5624-0220-4486-92d0-ee55a5ac7c07.rsf
[2009/05/13 12:46:47 | 00,064,892 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\4f148216-5a0e-404a-942c-7bee67d75624.rsf
[2009/04/04 11:14:32 | 00,024,896 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\4fcda97b-3c96-4146-9ff8-529791cd0be0.rsf
[2009/04/24 23:13:36 | 00,024,896 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\507b397c-4248-4725-aba8-c051122839f5.rsf
[2009/04/21 18:37:51 | 00,069,156 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\5171cdcd-5f13-4514-944f-12356397b065.rsf
[2009/04/21 18:37:51 | 00,004,726 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\52e10528-7ea4-4828-ba2e-fa892341632c.rsf
[2009/04/24 23:13:31 | 00,023,398 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\539d07bf-a0d0-4c42-9650-8e4c7beccd05.rsf
[2009/04/01 08:15:48 | 00,065,020 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\544ea5ac-a9b0-495c-94c8-d8a0c9759b19.rsf
[2009/04/21 18:37:50 | 00,061,876 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\5478752d-f255-4e5b-b21f-0b0580a27020.rsf
[2009/09/01 15:10:50 | 00,019,312 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\55f1d93c-2348-4dc2-a4a7-893cf7d27e51.rsf
[2009/07/12 12:45:54 | 00,067,263 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\568266c4-74d3-4466-a732-0ecb1a30ebe9.rsf
[2009/04/24 23:13:33 | 00,064,954 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\56884c63-548a-4a2f-a55d-2c7dc412f6bb.rsf
[2009/05/24 21:15:20 | 00,024,685 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\57e7baa9-036f-480e-a9dd-4fda517f8557.rsf
[2009/09/25 17:47:53 | 00,004,394 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\587de34c-057e-423a-a242-e8d156babdd6.rsf
[2009/05/13 12:46:48 | 00,080,498 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\58cd9e29-0ede-4981-90cc-72da2d246d05.rsf
[2009/04/24 23:13:31 | 00,083,814 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\5a5ccccb-8a55-474a-b99d-0b94ec36e7f7.rsf
[2009/04/21 18:37:47 | 00,065,360 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\5b00b499-5968-4f78-8daf-984b624ca894.rsf
[2009/04/04 11:14:26 | 00,079,008 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\5c6f8a55-c697-4c93-80c3-8a7c29dd153f.rsf
[2009/04/21 18:37:53 | 00,012,729 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\6386045d-44ee-4ca4-87bc-ede839c2f563.rsf
[2009/04/24 23:13:40 | 00,012,729 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\646e8b75-e1ed-429c-a005-9a6e9d162a08.rsf
[2009/04/21 18:37:52 | 00,037,046 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\64a20c24-2ad6-4ea5-84bd-e0b338bfa209.rsf
[2009/04/04 11:14:19 | 00,034,940 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\6508ef8f-138f-49ad-9e0b-a6bf5ab9167f.rsf
[2009/04/04 11:14:32 | 00,052,103 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\663dfcf8-3da5-4268-9a2e-cfeb8d6c4aaf.rsf
[2009/05/14 15:28:53 | 00,031,568 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\69036266-a7f8-4914-8410-424eb2f32366.rsf
[2009/08/21 13:44:47 | 00,054,498 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\6935c854-211b-40c8-902a-6475a24109a4.rsf
[2009/05/29 22:18:00 | 00,027,574 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\6a0a1914-e432-41ac-b8eb-3a2ff66e9046.rsf
[2009/04/04 11:14:10 | 00,003,589 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\712268c3-b78c-4cff-8b80-5eb0270982fd.rsf
[2009/04/24 23:13:31 | 00,034,940 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\71bc2cbe-de62-4b32-b825-e520b40a247a.rsf
[2009/04/24 23:13:40 | 00,083,113 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\71c151d9-7b29-409f-91ab-efe819ce20c2.rsf
[2009/04/21 18:37:53 | 00,077,330 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\72618110-d19c-4ddb-b0c1-764899a2b360.rsf
[2009/04/04 11:14:19 | 00,023,398 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\72c5245f-4991-420d-8e14-2008189c264c.rsf
[2009/05/28 22:43:54 | 00,004,439 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\75da8183-e514-479e-aeaa-f82b9aac9131.rsf
[2009/08/21 13:44:46 | 00,099,506 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\761b829b-a2d7-4a8e-a479-4cb901eb28e3.rsf
[2009/04/24 23:13:28 | 00,032,737 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\76dea693-b272-4184-8e3b-5fde55514fb2.rsf
[2009/09/11 17:50:01 | 00,037,532 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\795a8cc6-8903-4b30-95d7-94527f00ab37.rsf
[2009/04/24 23:13:34 | 00,014,480 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\7b0a25cc-d1dc-4c14-bdfc-cbc65b183b83.rsf
[2009/09/25 17:47:53 | 00,113,388 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\7d1b6690-0a04-4e27-a7c3-40d071c830c0.rsf
[2009/05/24 21:15:17 | 00,058,724 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\7e5fd7cd-1989-43f9-bf96-fe50f97d1399.rsf
[2009/05/10 09:16:06 | 00,055,650 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\83cd2b53-7bf8-41fd-9a60-c54ef6d9f463.rsf
[2009/04/24 23:13:40 | 00,022,257 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\857e4ac6-13cd-407f-8bfc-7aafa08d0e37.rsf
[2009/08/04 22:09:59 | 00,046,892 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\87a28c21-e624-4fcd-b878-f0c401e3b323.rsf
[2009/04/04 11:14:11 | 00,008,689 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\87cb3b34-596f-4419-ada8-c89e0a157040.rsf
[2009/04/04 11:14:12 | 00,041,811 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\88b45f1f-2e7b-4b35-956b-91bbecf47282.rsf
[2009/04/24 23:13:27 | 00,008,689 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\8967f1ba-dac8-4860-9c04-8dd2e5d6f797.rsf
[2009/04/04 11:14:21 | 00,008,028 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\8d994279-caa0-4b9f-99f3-f65e0397c5c0.rsf
[2009/04/24 23:13:42 | 00,062,223 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\8feaaa60-0d81-4e54-97d5-c6df1dde3fe8.rsf
[2009/04/04 11:14:24 | 00,088,894 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\906624e9-0059-456f-ac86-ba4fb0291106.rsf
[2009/05/24 21:15:16 | 00,067,372 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\916bdf99-6a4f-436f-b962-e244920dc91f.rsf
[2009/04/21 18:37:48 | 00,045,720 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\969f86cb-4950-4176-8786-bbeb59a05f50.rsf
[2009/04/04 11:14:11 | 00,032,737 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\970a5f49-eb16-4894-bddd-b7dd49a0992c.rsf
[2009/04/24 23:13:34 | 00,079,008 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\97d0f6b2-7ab2-4177-a82a-63095c13fd03.rsf
[2009/08/21 13:44:47 | 00,033,309 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\98baa731-81d5-4273-ad3e-549e8e44d216.rsf
[2009/05/04 20:14:44 | 00,134,228 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\9db9d242-0775-4c0c-bc05-024f07b0a31e.rsf
[2009/04/04 11:14:27 | 00,065,020 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\a0efdf74-4818-4c6a-8af4-d5ac343ba9e6.rsf
[2009/05/24 21:15:22 | 00,070,583 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\a22d8e6e-71f4-4212-ac34-f9c04049d87d.rsf
[2009/04/04 11:14:21 | 00,083,814 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\a4d4ac39-dad9-41e4-afe4-d54b59674400.rsf
[2009/07/12 12:45:55 | 00,064,499 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\a7fc6f29-d609-4d71-9622-c8561fbb7076.rsf
[2009/03/31 08:55:47 | 00,000,203 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\acer_gtb_log.txt
[2009/03/31 08:48:46 | 00,020,991 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Arabic.bin
[2009/03/31 08:50:44 | 00,005,144 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\ASPNETSetup_00000.log
[2009/03/30 19:03:33 | 00,079,816 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\avg8inst.log
[2009/04/21 18:37:54 | 00,063,097 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\b644175d-1501-4f8b-a18d-c629a918f609.rsf
[2009/05/24 21:15:19 | 00,041,955 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\b7b2a694-6436-4b11-845e-4542fcda157d.rsf
[2009/09/25 17:47:53 | 00,034,622 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\b94889fa-df63-4066-af9c-9987543c610b.rsf
[2009/04/24 23:13:39 | 00,077,330 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\bacdb5a7-82d6-4a31-b440-e810321f075f.rsf
[2009/04/24 23:13:34 | 00,065,020 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\bb415d6d-0d39-4d8f-9032-acd4739385dd.rsf
[2009/04/21 18:37:55 | 00,101,909 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\bd7f107e-7cae-42f2-854f-44d04a9ef45c.rsf
[2009/04/04 11:14:18 | 00,048,828 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\bdbecaee-be6a-47a4-8801-ef8221e35368.rsf
[2009/04/24 23:13:32 | 00,008,028 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\be92119e-9f4a-438f-a472-0d5349daa5ce.rsf
[2009/04/24 23:13:32 | 00,007,530 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\c56fea04-0205-4a67-9001-92e88adbbbfc.rsf
[2009/04/21 18:37:54 | 00,022,257 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\c62e3c45-1696-483c-850c-339b98c4d747.rsf
[2009/05/28 22:43:54 | 00,082,811 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\c6f5c246-4c78-424c-a055-ee3aca1e5787.rsf
[2009/05/13 12:46:47 | 00,001,666 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\c8c4dd31-447d-411d-afe0-dc5209fad1be.rsf
[2009/04/24 23:13:29 | 00,184,063 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\c98b9d1c-711e-47a4-84ed-f69e5c010e67.rsf
[2009/04/21 18:37:52 | 00,042,894 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\caa8443e-43ea-4e9c-a01f-f131dcf466a2.rsf
[2009/04/24 23:13:27 | 00,003,589 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\cb851079-779b-40e3-9036-444719e745e7.rsf
[2009/04/24 23:13:41 | 00,101,909 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\ccb1daa4-a7fc-490b-9a7d-5176a29ab250.rsf
[2009/06/08 17:22:16 | 00,000,996 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\chrome_installer.log
[2009/03/31 08:48:46 | 00,024,321 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Czech.bin
[2009/05/04 20:14:45 | 00,132,564 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d2712a2f-d4ff-4303-bf76-d9043abece1a.rsf
[2009/04/01 08:15:46 | 00,079,008 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d3ce2750-872b-4a12-8b20-538366a37314.rsf
[2009/07/12 12:45:54 | 00,032,299 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d4e2130d-5b74-4aae-86c7-2ee5176fa3fc.rsf
[2009/04/24 23:13:37 | 00,066,628 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d5779ae3-60bf-49f7-b7f0-c3b379b0f3ff.rsf
[2009/04/24 23:13:38 | 00,069,156 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d80dd162-feff-44b3-b32d-015825f357fa.rsf
[2009/04/04 11:14:15 | 00,184,063 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d8cf9570-6242-47d6-b9c2-ced717a5ea82.rsf
[2009/04/04 11:14:11 | 00,023,814 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\d96d3a7e-eb37-4f09-9f91-bc05332ecd34.rsf
[2009/03/31 08:48:44 | 00,022,794 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Danish.bin
[2009/04/24 23:13:35 | 00,001,906 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\dd373320-e7b4-4efd-9d16-690ec6539ac0.rsf
[2009/05/04 20:14:44 | 00,070,880 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\dd59027d-47e5-4f17-a550-605b888ea567.rsf
[2009/03/31 08:53:34 | 04,572,130 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\dd_netfx20MSI3D4E.txt
[2009/03/31 08:53:36 | 00,014,308 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\dd_netfx20UI3D4E.txt
[2009/04/24 23:13:32 | 00,004,964 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\df6f93cd-3a6a-4e70-ae38-fb64712d5c2a.rsf
[2009/03/31 08:48:44 | 00,025,758 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Dutch.bin
[2009/04/04 11:14:25 | 00,064,954 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\e07b58f9-ee7e-498c-a3e5-b882561beead.rsf
[2009/04/04 11:14:23 | 00,035,046 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\e4a259fe-b9e7-4a38-a9fb-622c07f6cd53.rsf
[2009/04/24 23:13:30 | 00,048,828 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\e591e2ae-f6d1-410f-85c0-2f2870a72a54.rsf
[2009/04/04 11:14:17 | 00,089,479 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\e6fba4cd-0ae5-4dd6-b2dd-2bcb9255efd5.rsf
[2009/04/04 11:14:17 | 00,015,616 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\e7ddc047-c516-4f43-a283-5535f7c92d68.rsf
[2009/03/31 08:48:45 | 00,021,944 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\English.bin
[2009/04/22 22:11:17 | 00,028,700 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_cDEAeJAi3btwBlNWeloJ
[2009/04/01 08:17:03 | 00,001,024 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_eNAOVYnlOqM5O6HojdLW
[2009/04/01 08:17:04 | 00,001,544 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_eNAOVYnlOqM5O6HojdLW-journal
[2009/04/01 08:09:17 | 00,024,600 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_OBfTufnX8OFOAod95zrJ
[2009/06/01 18:25:25 | 00,001,024 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_OYFdHshi45bXmmGgGiHQ
[2009/06/01 18:25:26 | 00,001,544 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_OYFdHshi45bXmmGgGiHQ-journal
[2009/05/29 22:10:38 | 00,028,700 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_prZUV82ldprqkQJ7UxMQ
[2009/05/06 15:28:40 | 00,028,700 | -H-- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\etilqs_X0kLjNrLtOwVUgbVb9g3
[2009/04/04 11:14:10 | 03,103,911 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\f215893c-e2c1-4728-80a5-1921ce924e43.rsf
[2009/04/24 23:13:36 | 00,065,360 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\f4a3f0cd-aa32-4ced-8809-df0e9cc06339.rsf
[2009/07/12 12:45:55 | 00,002,749 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\f4aad007-5b63-43f1-997f-f6b35bcc8d49.rsf
[2009/04/04 11:14:26 | 00,014,480 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\f8ce75ec-b119-4a35-9c60-faa38dc82bc7.rsf
[2009/08/04 22:10:00 | 00,062,834 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\f91b1779-1fbb-4644-b661-a1b5db6f30c4.rsf
[2009/04/21 18:37:50 | 00,066,628 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\fc1b4bd4-37cd-425e-85f7-f8def47f3e7e.rsf
[2009/04/24 23:13:41 | 00,063,097 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\fc73b90e-6286-4a1e-baab-4098d895edae.rsf
[2009/04/24 23:13:30 | 00,013,842 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\ff65d5b0-149c-47f1-a3a2-85b0ead3e8fa.rsf
[2009/03/31 08:48:46 | 00,022,868 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Finnish.bin
[2009/03/31 08:48:45 | 00,027,246 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\French.bin
[2009/05/21 00:41:42 | 00,158,621 | R--- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\GC BRC 30-09.pdf
[2009/03/31 08:54:44 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\gdF1.tmp.ggc
[2009/03/31 08:48:45 | 00,025,764 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\German.bin
[2009/03/31 08:55:47 | 00,000,944 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\GoogleToolbarInstaller1.log
[2009/03/31 08:55:47 | 00,103,736 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\GoogleToolbarInstaller2.log
[2009/03/31 08:48:46 | 00,025,093 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Greek.bin
[2009/03/31 08:48:46 | 00,019,564 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Hebrew.bin
[2009/03/31 08:48:46 | 00,026,094 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Hungarian.bin
[2009/03/31 08:48:45 | 00,027,421 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Italian.bin
[2009/03/31 08:48:44 | 00,024,340 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Japanese.bin
[2009/07/02 18:38:14 | 00,046,592 | R--- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Job Seekers Allowance 2005.DOC
[2009/03/31 08:48:44 | 00,020,145 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Korean.bin
[2009/05/27 20:07:31 | 00,235,149 | R--- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\moto_0012.jpg
[2009/03/31 08:48:46 | 00,021,975 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Norwegian.bin
[2009/03/31 08:48:46 | 00,024,232 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Polish.bin
[2009/03/31 08:48:46 | 00,025,082 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Portuguese(Brazil).bin
[2009/03/31 08:48:45 | 00,026,271 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Portuguese.bin
[2008/08/15 18:58:44 | 00,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\DOCUME~1\Sam\LOCALS~1\Temp\RtkBtMnt.exe
[2009/03/31 08:48:45 | 00,026,136 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Russian.bin
[2009/04/17 10:29:50 | 00,003,647 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(200904171029301CC).log
[2009/05/14 10:30:47 | 00,003,651 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(20090514103043100C).log
[2009/05/24 21:43:07 | 00,003,651 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(2009052421430117D8).log
[2009/05/27 16:55:33 | 00,003,654 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(2009052716551312B8).log
[2009/09/26 12:38:20 | 00,003,652 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(20090926123815DC).log
[2009/09/27 22:31:21 | 00,003,647 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SetupExe(2009092722311584C).log
[2009/03/31 08:48:45 | 00,016,420 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SimChin.bin
[2009/05/24 21:56:35 | 00,034,304 | R--- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Skills-CV-template.doc
[2009/03/31 08:48:45 | 00,027,764 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Spanish.bin
[2009/03/31 08:48:45 | 00,024,093 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\SWEDISH.bin
[2009/03/31 08:48:46 | 00,021,987 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Thai.bin
[2009/05/15 16:36:40 | 00,098,867 | R--- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\tor bank complaint.pdf
[2009/03/31 08:48:44 | 00,016,962 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\TradChin.bin
[2009/03/31 08:48:46 | 00,022,263 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\Turkish.bin
[2009/04/17 10:30:38 | 00,004,343 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(200904171029591CC).log
[2009/05/14 10:31:34 | 00,004,009 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(20090514103053100C).log
[2009/05/24 21:43:49 | 00,004,009 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(2009052421431517D8).log
[2009/05/27 16:56:56 | 00,016,866 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(2009052716554512B8).log
[2009/09/26 12:38:33 | 00,004,016 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(20090926123823DC).log
[2009/09/27 22:33:23 | 00,016,905 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\UserInfoSetup(2009092722312484C).log
[2009/09/01 22:35:32 | 00,001,384 | ---- | M] () -- C:\DOCUME~1\Sam\LOCALS~1\Temp\wmplog00.sqm
[25 C:\DOCUME~1\Sam\LOCALS~1\Temp\*.tmp files]

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sam\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIERAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sam
LOGONSERVER=\\KIERAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\DivX Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 28 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
USERDOMAIN=KIERAN
USERNAME=Sam
USERPROFILE=C:\Documents and Settings\Sam
windir=C:\WINDOWS
< End of report >

0

#5 27-09-2009 09:52PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

OTL Extras logfile created on: 27/09/2009 22:32:50 - Run 1
OTL by OldTimer - Version 3.0.15.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 383.76 Mb Available Physical Memory | 37.93% Memory free
2.37 Gb Paging File | 1.98 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 132.02 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive

| 955.23 Mb Total Space | 940.52 Mb Free Space | 98.46% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A5E68D5-DEA7-4067-B191-B4AE756C057B}" = STOPzilla
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F604A3C1-E9CD-4213-8BE3-23FBF2935467}" = GlobeTrotter Connect
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG 8.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/07/2009 15:50:45 | Computer Name = KIERAN | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 07/07/2009 11:36:57 | Computer Name = KIERAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03/08/2009 10:50:52 | Computer Name = KIERAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/08/2009 10:50:52 | Computer Name = KIERAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/08/2009 10:50:53 | Computer Name = KIERAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/08/2009 10:50:53 | Computer Name = KIERAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/08/2009 10:50:53 | Computer Name = KIERAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/08/2009 11:04:19 | Computer Name = KIERAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3474, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03/08/2009 11:04:23 | Computer Name = KIERAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3474, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/08/2009 12:06:53 | Computer Name = KIERAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 25/09/2009 12:32:32 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5

Error - 25/09/2009 12:32:32 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

Error - 26/09/2009 06:58:38 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 26/09/2009 20:57:41 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5

Error - 26/09/2009 20:57:41 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

Error - 27/09/2009 01:23:52 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the GtDetectSc service.

Error - 27/09/2009 08:31:33 | Computer Name = KIERAN | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 27/09/2009 11:05:37 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the GtDetectSc service.

Error - 27/09/2009 17:23:52 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5

Error - 27/09/2009 17:23:52 | Computer Name = KIERAN | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

< End of report >

0

#6 28-09-2009 01:31PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

hi

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

Please download LSPFix from here.
Run the LSPFix.exe that you have just finished downloading.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of iS3lsp.dll .
Select every instance of iS3lsp.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.

Reboot your PC and do the following

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
[2009/09/27 22:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/04/21 21:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\STOPzilla!

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

0

#7 28-09-2009 03:00PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

OTL logfile created on: 28/09/2009 15:52:16 - Run 2
OTL by OldTimer - Version 3.0.15.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 583.47 Mb Available Physical Memory | 57.66% Memory free
2.37 Gb Paging File | 2.04 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 132.50 Gb Free Space | 91.91% Space Free | Partition Type: NTFS
Drive

| 955.23 Mb Total Space | 940.09 Mb Free Space | 98.41% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Sam\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Documents and Settings\Sam\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GtDetectSc [Auto | Running]) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 18:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 18:09:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/25 15:37:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 07:55:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 07:55:50 | 00,000,000 | ---D | M]

[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions
[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/25 17:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions
[2009/07/02 18:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/03 17:11:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 07:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/17 07:55:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/17 07:55:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 20:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/24 20:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 20:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/17 07:55:46 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/24 20:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/01 08:48:59 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/01 08:48:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/26 18:15:58 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/01 08:48:59 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/01 08:48:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/01 08:48:59 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/01 08:48:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/01 08:48:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/01 08:48:59 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 126 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 18:37:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/28 15:44:10 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/27 22:28:25 | 00,516,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe

========== Files - Modified Within 14 Days ==========

[2009/09/28 15:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/28 15:50:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/28 15:50:36 | 10,611,05664 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 15:45:58 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
[2009/09/28 15:33:22 | 03,736,898 | -H-- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\IconCache.db
[2009/09/27 22:19:22 | 00,516,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/09/27 13:04:02 | 41,842,542 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/26 12:03:43 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/22 22:34:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== LOP Check ==========

[2009/09/28 15:44:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/19 08:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/08/02 20:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/03/30 18:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2009/05/15 13:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/05 15:43:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sam\Application Data
[2009/05/05 21:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR
[2009/05/27 16:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Template
[2008/04/15 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/28 15:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/28 15:45:58 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job

========== Purity Check ==========

< End of report >

0

#8 28-09-2009 04:03PM

xprepairs

Closed Accounts Posts: 69 ✭✭

Join Date: September 2009

Posts: 67

Actually IMO the quickest easiest way to uninstall StopZilla is using revo uninstaller.
http://www.revouninstaller.com/revo_uninstaller_free_download.html
Use the uninstaller and just delete the highlighted entries in the registry.

0

#9 28-09-2009 05:00PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

Did you do the LSP Fix step ?

Also try the Revo Uninstaller step that was suggested

0

#10 28-09-2009 05:13PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

ActorSeeksJob wrote: »

Did you do the LSP Fix step ?

Also try the Revo Uninstaller step that was suggested

Yeah I did the LSP step alright. Stopzilla isn't coming up when I log into Windows now so is that it all sorted?

0

#11 28-09-2009 05:17PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

Jimmy Bottlehead wrote: »

Yeah I did the LSP step alright. Stopzilla isn't coming up when I log into Windows now so is that it all sorted?

Sorry for the double post, StopZilla is not coming up when Windows is logged into but it is still installed. Should i do a Windows Uninstall and see what happens?

0

#12 28-09-2009 06:34PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

do this instead

Download and install Revo Uninstaller

Double click the Revo Uninstaller icon on your desktop to start the program
Scroll through the listed programs and Right Click on the program you wish to uninstall
From the pop out menu choose Uninstall
Click Yes to the confirmation dialogue
In the next window select the Advanced mode
Click Next to start uninstalling the program
Answer Yes to confirm the uninstall
When the program has completed the four steps, click Next to allow the program to search for leftovers
Once complete, click Next, then Finish
Repeat the above steps for any other programs you wish to remove.

0

#13 28-09-2009 06:48PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

ActorSeeksJob wrote: »

do this instead

Download and install Revo Uninstaller
Double click the Revo Uninstaller icon on your desktop to start the program

Scroll through the listed programs and Right Click on the program you wish to uninstall

From the pop out menu choose Uninstall

Click Yes to the confirmation dialogue

In the next window select the Advanced mode

Click Next to start uninstalling the program

Answer Yes to confirm the uninstall

When the program has completed the four steps, click Next to allow the program to search for leftovers

Once complete, click Next, then Finish

Repeat the above steps for any other programs you wish to remove.

Done! A message came up regarding an error using the StopZilla installer but it continued and seems to have wiped it off the system!!

Any way to double check?

0

#14 28-09-2009 07:18PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

I'd say its all gone now, but open up OTL.exe, click Quick Scan post that log

0

#15 28-09-2009 07:43PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

OTL logfile created on: 28/09/2009 20:41:19 - Run 5
OTL by OldTimer - Version 3.0.15.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 582.20 Mb Available Physical Memory | 57.54% Memory free
2.37 Gb Paging File | 2.05 Gb Available in Paging File | 86.30% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 132.57 Gb Free Space | 91.96% Space Free | Partition Type: NTFS
Drive

| 955.23 Mb Total Space | 939.31 Mb Free Space | 98.33% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\Sam\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Documents and Settings\Sam\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GtDetectSc [Auto | Running]) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 18:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 18:09:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/25 15:37:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 07:55:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 07:55:50 | 00,000,000 | ---D | M]

[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions
[2009/03/30 18:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/25 17:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions
[2009/07/02 18:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\mozilla\Firefox\Profiles\swnsnibm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/03 17:11:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 07:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/17 07:55:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/17 07:55:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 20:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/24 20:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 20:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/17 07:55:46 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/24 20:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/01 08:48:59 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/01 08:48:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/26 18:15:58 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/01 08:48:59 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/01 08:48:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/01 08:48:59 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/01 08:48:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/01 08:48:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/01 08:48:59 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 126 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 18:37:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/28 19:37:03 | 00,000,921 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Revo Uninstaller.lnk
[2009/09/28 19:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/09/28 16:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\InterVideo
[2009/09/28 15:44:10 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/27 22:28:25 | 00,516,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe

========== Files - Modified Within 14 Days ==========

[2009/09/28 20:35:01 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
[2009/09/28 19:37:03 | 00,000,921 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Revo Uninstaller.lnk
[2009/09/28 15:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/28 15:50:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/28 15:50:36 | 10,611,05664 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 15:33:22 | 03,736,898 | -H-- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\IconCache.db
[2009/09/27 22:19:22 | 00,516,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/09/27 13:04:02 | 41,842,542 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/26 12:03:43 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/22 22:34:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== LOP Check ==========

[2009/09/28 15:44:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/19 08:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/08/02 20:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/03/30 18:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Partner
[2009/05/15 13:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/28 16:06:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sam\Application Data
[2009/05/05 21:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR
[2009/09/28 16:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\InterVideo
[2009/05/27 16:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Template
[2008/04/15 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/28 15:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/28 20:35:01 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job

========== Purity Check ==========

< End of report >

0

#16 29-09-2009 12:30PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

Your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

0

#17 29-09-2009 02:51PM

xprepairs

Closed Accounts Posts: 69 ✭✭

Join Date: September 2009

Posts: 67

So actually my idea the revo uninstaller removed stopzilla?
It sure saves lots of scanning and time sometimes

0

#18 29-09-2009 03:56PM

ActorSeeksJob

Closed Accounts Posts: 1,970 ✭✭✭

Join Date: February 2007

Posts: 1946

No my step removed StopZilla

0

#19 29-09-2009 07:03PM

Jimmy Bottlehead

Registered Users, Registered Users 2 Posts: 9,931 ✭✭✭

Join Date: December 2005

Posts: 9598

It worked either way guy, so thanks a million

Hugely appreciated!

0

#20 01-10-2009 02:18PM

xprepairs

Closed Accounts Posts: 69 ✭✭

Join Date: September 2009

Posts: 67

Jimmy Bottlehead , thanks for posting back, glad to try to assist.

0

How to remove StopZilla properly?

Comments