
Solved: AntiVirusOverride:

Discussion in 'General Security' started by jayd, Dec 27, 2010.

Thread Status:
Not open for further replies.
  1. jayd

    jayd Thread Starter

    Joined:
    Mar 1, 2006
    Messages:
    201
    This only just started showing up in my Spybot S&D scans. Never saw it before a few days ago. I did read something, but honestly what I read didn't answer my question, which is:
    Should I allow Spybot S&D to remove this?

    Hope I'm posting the question in the correct place. Apologies if mistaken.

    Microsoft.WindowsSecurityCenter.AntiVirusOverride:

    Thank You and Good Wishes to all for a Happy, Healthy New Year
    J

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 3
    Processor Count: 2
    RAM: 3710 Mb
    Graphics Card: RADEON X300 SE 128MB HyperMemory, 128 Mb
    Hard Drives: C: Total - 73163 MB, Free - 46990 MB;
    Motherboard: Dell Inc. , 0WG261, , ..CN698615CP01D3.
    Antivirus: , Updated:yes, On-Demand Scanner: Enabled


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:03:01 PM, on 27/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Ad Muncher\AdMunch.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Documents and Settings\Jay\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
    O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
    O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
    O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
    O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
    O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
    O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll


    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231951123843
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37680.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-56193df6ff453161.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 18519 bytes
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    These are just warnings that the Security Center alert that would normally warn you if your anti-virus has been turned off or disabled for any reason has been unchecked so that it doesn't alert you.

    If you chose not to be alerted and turned those things off in the Security Center intentionally, then you can have SpyBot put these on Ignore.

    Otherwise, something or someone has changed those settings and that should be investigated further.

    As your computer specs indicate that you aren't running any anti-virus software then yes, it could be of some concern in this instance.

    Please go here to download HijackThis.
    • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
    • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
    • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
    • Click on the Save log button and save the log file to your desktop. Copy and paste the contents of the log in your post.
    Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.
     
  3. jayd

    Hi and thank you.
    Yes, I did notice that the puter specs indicate no AV, and that's something I can't understand because I am in fact running ESET's Nod32 AV, which is updated as well. So that one's a mystery.
    In fact, I once altered that spec to yes but I see it has defaulted to NO. ??

    Thanks again and will immediately do as instructed. bbsoon
     
  4. Cookiegal

    Most of the anti-virus programs will disable those alerts because they self-monitor, meaning they will alert you if the program is not running, but malware can change it as well. The logs indicate Eset is running but let's take a few steps to be sure all is in order.

    First, please run the TSG system utility again and post the results:

    http://static.techguy.org/download/SysInfo.exe

    Then, please do the following:

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
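
The Security Center settings described in the two replies above can be read directly from the registry. This is an added example, not part of the thread or any poster's own code; it assumes that Spybot S&D's `Microsoft.WindowsSecurityCenter.*` items map to the same-named DWORD values under `HKLM\SOFTWARE\Microsoft\Security Center` on Windows XP, and the function names are made up for illustration.

```powershell
# Added example (not from the thread). Assumption: Spybot S&D's
# "Microsoft.WindowsSecurityCenter.*" items map to the DWORD values of the
# same name under the Windows XP Security Center key.
$SecurityCenterKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Value name -> what is silenced when the value is non-zero.
$Settings = @(
    @{ Name = 'AntiVirusOverride';      Silences = 'antivirus status monitoring' },
    @{ Name = 'AntiVirusDisableNotify'; Silences = 'antivirus alerts' },
    @{ Name = 'FirewallOverride';       Silences = 'firewall status monitoring' },
    @{ Name = 'FirewallDisableNotify';  Silences = 'firewall alerts' },
    @{ Name = 'UpdatesDisableNotify';   Silences = 'Automatic Updates alerts' }
)

function Read-SecurityCenterValues {
    # Returns a hashtable of the values present on the live system.
    # The hashtable is empty if the key does not exist on this machine.
    $found = @{}
    $key = Get-ItemProperty -Path $SecurityCenterKey -ErrorAction SilentlyContinue
    if ($null -ne $key) {
        foreach ($s in $Settings) {
            $prop = $key.PSObject.Properties[$s['Name']]
            if ($null -ne $prop) { $found[$s['Name']] = $prop.Value }
        }
    }
    return $found
}

function Get-SecurityCenterOverrides {
    # -Values takes a hashtable (value name -> DWORD) so the check can be run
    # against data copied from another machine; by default it reads the registry.
    param([hashtable]$Values = (Read-SecurityCenterValues))

    foreach ($s in $Settings) {
        $name = $s['Name']
        # A value that is absent is treated here the same as 0 (alert active).
        if ($Values.ContainsKey($name)) { $raw = $Values[$name] } else { $raw = $null }
        if ($raw) { $state = 'SUPPRESSED' } else { $state = 'active' }

        New-Object PSObject -Property @{
            Value   = $name
            Data    = $raw
            State   = $state
            Affects = $s['Silences']
        } | Select-Object Value, Data, State, Affects
    }
}

# Constructed sample: the antivirus override is set, the rest are clear or absent.
$sample = @{ AntiVirusOverride = 1; AntiVirusDisableNotify = 0; FirewallOverride = 0 }
Get-SecurityCenterOverrides -Values $sample | Format-Table -AutoSize

# On the machine itself, omit -Values to read the live registry:
# Get-SecurityCenterOverrides | Where-Object { $_.State -eq 'SUPPRESSED' }
```

A `SUPPRESSED` row is expected when the setting was chosen deliberately or the installed antivirus monitors itself; any other case is the one the reply above says should be investigated.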
     
  5. Cookiegal

    It's only your computer specs field in your profile so it wouldn't revert back on its own. It's likely that you didn't save the changes. :)
     
  6. jayd

    TSG system utility ???

    Where from? Or is the TSG the same as Hijack this?

    I do have Malwarebytes and use it daily. Ran a scan earlier and it showed things were clean. Do you want me to run it again now? Full or Quick scan if yes.
     
  7. Cookiegal

  8. Cookiegal

    Yes, please update MalwareBytes and run a full system scan.
     
  9. jayd

    oh good grief charlie brown! TSG .. what's wrong with me. Of course. Color me embarrassed.
    Here it is.
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 3
    Processor Count: 2
    RAM: 3710 Mb
    Graphics Card: RADEON X300 SE 128MB HyperMemory, 128 Mb
    Hard Drives: C: Total - 73163 MB, Free - 46826 MB;
    Motherboard: Dell Inc. , 0WG261, , ..CN698615CP01D3.
    Antivirus: , Updated: No, On-Demand Scanner: Enabled
     
  10. jayd

    going to MB now and will run a full scan.
     
  11. jayd

    Here's the full scan requested.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5405

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27/12/2010 9:24:59 PM
    mbam-log-2010-12-27 (21-24-59).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 217636
    Time elapsed: 33 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. Cookiegal

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
    5. Now click the Run Scan button on the toolbar.
    6. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  13. jayd

    Cookiegal ...

    Just on line for a few minutes tonight checking emails. Just a tiny bit under the weather but wanted to acknowledge this project. Soonest I can get to it is tomorrow morning sometime. Hope that's okay. Will print out instr. but going to bed in a minute or two.
    Thank you for your patience and help.
    BBack tomoro
     
  14. Cookiegal

    That's fine. Take your time and I hope you feel better. :)
     
  15. jayd

    Code:
    OTS logfile created on: 30/12/2010 9:35:40 AM - Run 1
    OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Jay\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.45 Gb Total Space | 45.29 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: DFY1752J
    Current User Name: Jay
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
    admunch.exe -> C:\Program Files\Ad Muncher\AdMunch.exe -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
    mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
    acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
    googlecrashhandler.exe -> C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe -> [2010/10/19 16:08:15 | 000,134,808 | ---- | M] (Google Inc.)
    iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
    forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
    vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
    zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
    acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
    bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
    ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
    egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
    yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
    msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
    issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
    stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
    dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
     
    [Modules - Safe List]
    ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
    am32-32300.dll -> C:\Program Files\Ad Muncher\AM32-32300.dll -> [2010/12/28 00:30:22 | 000,072,192 | ---- | M] (Murray Hurps Corp Pty Ltd)
    sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
    iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies)
    comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
    mccicontexthook_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll -> [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent)
    msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
    msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (KodakCCS) Kodak Camera Connection Software [On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\KodakCCS.exe -> File not found
    (AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
    (McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
    (MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation)
    (IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
    (vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
    (nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
    (GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    (ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
    (getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
    (EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET)
    (ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
    (YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
    (WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
    (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
    (dlcc_device) dlcc_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlcccoms.exe -> [2005/06/21 20:19:38 | 000,491,520 | ---- | M] ()
     
    [Driver Services - Safe List]
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
    (srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\ZoneLabs\srescan.sys -> File not found
    (MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
    (MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
    (ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies)
    (vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
    (cpuz133) cpuz133 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz133_x32.sys -> [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider)
    (MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
    (MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
    (epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/05/14 14:49:32 | 000,094,360 | ---- | M] (ESET)
    (ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET)
    (eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET)
    (cpuz132) cpuz132 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz132_x32.sys -> [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
    (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
    (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
    (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
    (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
    (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
    (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
    (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
    (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
    (DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
    (DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
    (DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
    (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
    (nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
    (SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
    (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
    (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
    (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
    (asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.live.com/ [binary data] -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
    HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
    HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
    HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp -> 
    HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
    HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 0C 4C 8F 6B A7 CB 01  [binary data] -> 
    HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
    HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
    HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\prefs.js -> 
    browser.search.defaultenginename -> "Secure Search" ->
    browser.search.defaultthis.engineName -> "ZoneAlarm Security Customized Web Search" ->
    browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" ->
    browser.search.selectedEngine -> "Google" ->
    browser.search.useDBForOrder -> true ->
    browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
    extensions.enabledItems -> {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 ->
    extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 ->
    extensions.enabledItems -> [email protected]:5.0.1 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
    extensions.enabledItems -> {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 ->
    extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
    extensions.enabledItems -> {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15 ->
    extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0 ->
    keyword.URL -> "http://uk.search.yahoo.com/search?fr=mcafee&p=" ->
    network.proxy.no_proxies_on -> "127.0.0.1,*.local" ->
    < FireFox Settings [User.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\user.js -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/11/21 17:15:33 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/12/16 18:41:08 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/20 15:26:51 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/11 18:22:57 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\SeaMonkey\Extensions ->  -> 
    HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
    HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/20 15:57:17 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions -> [2008/09/14 08:24:14 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
    No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) -> [2008/12/09 13:39:01 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/28 18:10:46 | 000,000,000 | ---D | M]
    Flashblock   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/10/14 18:14:56 | 000,000,000 | ---D | M]
    IE Tab   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/03 17:59:30 | 000,000,000 | ---D | M]
    ZoneAlarm Security Toolbar   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} -> [2010/11/21 16:55:30 | 000,000,000 | ---D | M]
    WOT   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/11 18:28:27 | 000,000,000 | ---D | M]
    No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} -> [2010/08/17 11:39:36 | 000,000,000 | ---D | M]
    Adblock Plus   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/24 17:14:42 | 000,000,000 | ---D | M]
    Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/10/20 14:08:00 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2010/09/23 12:03:06 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2009/03/26 14:53:47 | 000,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     bing.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\bing.xml -> [2010/09/23 15:49:26 | 000,001,820 | ---- | M] ()
     conduit.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\conduit.xml -> [2010/08/19 21:08:14 | 000,000,939 | ---- | M] ()
     google-translate-any--en.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\google-translate-any--en.xml -> [2010/09/23 15:52:52 | 000,002,027 | ---- | M] ()
     mozilla-add-ons.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\mozilla-add-ons.xml -> [2008/12/03 15:18:50 | 000,001,620 | ---- | M] ()
     searchgeek.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\searchgeek.xml -> [2010/01/28 20:24:59 | 000,001,859 | ---- | M] ()
     snappy-words.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\snappy-words.xml -> [2010/01/28 20:19:24 | 000,002,256 | ---- | M] ()
     thesaurus---referencecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\thesaurus---referencecom.xml -> [2010/09/23 15:53:46 | 000,001,539 | ---- | M] ()
     timeanddatecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\timeanddatecom.xml -> [2010/12/29 11:44:51 | 000,011,187 | ---- | M] ()
     wot-safe-search.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\wot-safe-search.xml -> [2010/09/11 15:44:32 | 000,002,306 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/04 17:23:15 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/29 18:02:46 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/12/27 13:34:16 | 000,429,771 | R--- | M] - 14842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
    {30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
    {872b5b88-9db5-4310-bdd0-ac189557e5f5} [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
    {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
    {91da5e8a-3318-4f8c-b67e-5964de3ab546} [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/13 15:02:19 | 000,668,656 | ---- | M] (Google Inc.)
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
    {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/20 01:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
    "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
    WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Ad Muncher" -> C:\Program Files\Ad Muncher\AdMunch.exe ["C:\Program Files\Ad Muncher\AdMunch.exe" /bt] -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
    "ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
    "btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ["C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"] -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
    "DLCCCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]] -> [2005/06/07 18:38:10 | 000,069,632 | ---- | M] ()
    "egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
    "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
    "ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
    "ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
    "MSKDetectorExe" -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> [2005/07/12 19:05:30 | 001,117,184 | ---- | M] (McAfee, Inc.)
    "SBAutoUpdate" -> C:\Program Files\SpywareBlaster\sbautoupdate.exe ["C:\Program Files\SpywareBlaster\sbautoupdate.exe"] -> [2010/08/30 22:35:16 | 000,938,744 | ---- | M] ()
    "SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
    "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
    "ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
    "swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/13 15:02:19 | 000,039,408 | ---- | M] (Google Inc.)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
     -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2006/09/28 20:40:49 | 000,001,725 | ---- | M] ()
    < Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoCDBurning" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Block frame with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_frame] -> File not found
    Block image with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_image] -> File not found
    Block link with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_link] -> File not found
    Don't filter page with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_exclude] -> File not found
    Report page to the Ad Muncher developers ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_report] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
    {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
    {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
    {7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> Reg Error: Key error. [Button: Bonjour] -> File not found
    {B06300D0-CCDE-11d2-92D3-0000F87A4A55}:{C651A691-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to R&estricted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
    {BF80219A-CCDD-11d2-92D3-0000F87A4A55}:{C651A693-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to Tr&usted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {FC09D8A3-C85A-11d2-92D0-0000F87A4A55}:{A58D06D4-CA90-11D2-92D2-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\oline.dll [Button: Offline] -> [1999/02/24 02:00:28 | 000,036,864 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
    CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
    CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Bonjour] -> File not found
    CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7566 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11505 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
    {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
    {215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
    {31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
    {406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.snapfish.co.uk/SnapfishUKActivia.cab [Snapfish Activia] -> 
    {474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab [UploadListView Class] -> 
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab [Windows Live Safety Center Base Module] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843 [MUWebControl Class] -> 
    {6F750200-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab [Ofoto Upload Manager Class] -> 
    {7F8C8173-AD80-4807-AA75-5672F22B4582} [HKLM] -> http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab [ICSScanner Class] -> 
    {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [HKLM] -> http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab [Windows Live Photo Upload Control] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] -> 
    {BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
    {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab [LycosMail Upload Control] -> 
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
    {E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
    {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] -> 
    Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
    Photobucket Publisher [HKLM] -> http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.254 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {CE0939F7-AC83-4916-9A59-38F3DBA89298}\\DhcpNameServer -> 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \{6b05da32-e9f4-11de-90c2-00123fcd16ce}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell
    \{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun
    \{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command
    \{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
    !AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "bootini" -> 0 -> 
    "services" -> 0 -> 
    "startup" -> 0 -> 
    "system.ini" -> 0 -> 
    "win.ini" -> 0 -> 
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 20/12/2010 10:33:14 AM Computer Name = DFY1752J | Source = Ci | ID = 4126 -> Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will   be automatically restored by refiltering all documents.
    Application [ Error ] 27/12/2010 4:42:08 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
    Application [ Error ] 27/12/2010 4:42:12 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
    Application [ Error ] 27/12/2010 4:42:21 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
    Application [ Error ] 27/12/2010 4:42:24 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
    Application [ Error ] 27/12/2010 4:42:32 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
    Application [ Error ] 29/12/2010 10:58:27 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
    Application [ Error ] 29/12/2010 10:59:19 AM Computer Name = DFY1752J | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 29/12/2010 11:04:04 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
    Application [ Error ] 29/12/2010 11:04:31 AM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
    System [ Error ] 02/12/2010 3:52:12 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
    System [ Error ] 09/12/2010 9:49:23 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
    System [ Error ] 16/12/2010 11:21:55 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
    System [ Error ] 22/12/2010 8:48:01 AM Computer Name = DFY1752J | Source = DCOM | ID = 10010 -> Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register with DCOM within the required timeout.
    System [ Error ] 23/12/2010 4:26:58 PM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
    System [ Error ] 29/12/2010 11:39:25 AM Computer Name = DFY1752J | Source = Service Control Manager | ID = 7031 -> Description = The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    [Files/Folders - Created Within 30 Days]
     OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:37 | 000,642,048 | ---- | C] (OldTimer Tools)
     HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:22 | 000,388,608 | ---- | C] (Trend Micro Inc.)
     SNOWY ENGLAND -> C:\Documents and Settings\Jay\Desktop\SNOWY ENGLAND -> [2010/12/24 16:32:45 | 000,000,000 | ---D | C]
     ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/15 13:36:59 | 000,040,960 | ---- | C] (Microsoft Corporation)
     $hf_mig$ -> C:\WINDOWS\$hf_mig$ -> [2010/12/15 13:36:20 | 000,000,000 | -H-D | C]
     wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/15 13:36:04 | 000,045,568 | ---- | C] (Microsoft Corporation)
     GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | C] (Google Inc.)
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/30 09:22:51 | 000,000,330 | -H-- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/30 09:20:32 | 000,002,206 | ---- | M] ()
     Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/12/30 09:20:11 | 000,000,868 | ---- | M] ()
     ConfigExec.job -> C:\WINDOWS\tasks\ConfigExec.job -> [2010/12/30 09:19:56 | 000,000,616 | -H-- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/30 09:19:44 | 000,002,048 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/12/30 09:19:41 | 3890,368,512 | -HS- | M] ()
     OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
     Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:32:15 | 000,019,456 | ---- | M] ()
     Microsoft Word.lnk -> C:\Documents and Settings\Jay\Desktop\Microsoft Word.lnk -> [2010/12/29 20:29:18 | 000,002,473 | ---- | M] ()
     GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> [2010/12/29 20:13:00 | 000,000,968 | ---- | M] ()
     DataUpload.job -> C:\WINDOWS\tasks\DataUpload.job -> [2010/12/29 19:37:00 | 000,000,580 | -H-- | M] ()
     fssort.ini -> C:\Documents and Settings\Jay\Desktop\fssort.ini -> [2010/12/29 18:56:44 | 000,000,265 | -H-- | M] ()
     GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> [2010/12/29 17:13:00 | 000,000,916 | ---- | M] ()
     MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 16:00:01 | 000,059,825 | ---- | M] ()
     .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | M] ()
     User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> [2010/12/29 10:53:46 | 000,000,388 | -H-- | M] ()
     EasyShare Registration Task.job -> C:\WINDOWS\tasks\EasyShare Registration Task.job -> [2010/12/28 12:47:01 | 000,000,432 | ---- | M] ()
     HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:29 | 000,388,608 | ---- | M] (Trend Micro Inc.)
     To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | M] ()
     hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 13:34:16 | 000,429,771 | R--- | M] ()
     You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/27 13:32:50 | 000,024,576 | ---- | M] ()
     A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 17:13:28 | 000,031,988 | ---- | M] ()
     Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:36 | 000,019,456 | ---- | M] ()
     Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:53 | 000,119,810 | ---- | M] ()
     Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/24 19:23:23 | 000,029,696 | ---- | M] ()
     A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:34:16 | 000,012,235 | ---- | M] ()
     A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | M] ()
     hosts.20101227-133416.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101227-133416.backup -> [2010/12/23 12:08:59 | 000,429,771 | R--- | M] ()
     Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/22 13:43:10 | 000,000,784 | ---- | M] ()
     FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:53:19 | 000,019,456 | ---- | M] ()
     mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
     A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:49 | 000,047,765 | ---- | M] ()
     hosts.20101223-120858.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101223-120858.backup -> [2010/12/18 10:17:43 | 000,429,105 | R--- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 13:44:01 | 000,372,872 | ---- | M] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:39:05 | 000,001,393 | ---- | M] ()
     perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/15 13:20:44 | 000,442,466 | ---- | M] ()
     perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/15 13:20:44 | 000,071,732 | ---- | M] ()
     Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:35 | 000,000,779 | ---- | M] ()
     hosts.20101218-101742.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101218-101742.backup -> [2010/12/15 11:40:36 | 000,428,361 | R--- | M] ()
     http examples.doc -> C:\Documents and Settings\Jay\Desktop\http examples.doc -> [2010/12/14 20:08:06 | 000,024,064 | ---- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/11 19:23:01 | 000,000,284 | ---- | M] ()
     Picasa 3.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> [2010/12/09 15:34:57 | 000,000,777 | ---- | M] ()
     hosts.20101215-114036.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101215-114036.backup -> [2010/12/09 14:39:42 | 000,428,361 | R--- | M] ()
     To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | M] ()
     hosts.20101209-143941.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101209-143941.backup -> [2010/12/02 11:25:10 | 000,428,073 | R--- | M] ()
     GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | M] (Google Inc.)
     3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files - No Company Name]
     Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:29:41 | 000,019,456 | ---- | C] ()
     MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 15:56:20 | 000,059,825 | ---- | C] ()
     .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | C] ()
     To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | C] ()
     A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 16:47:42 | 000,031,988 | ---- | C] ()
     Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:35 | 000,019,456 | ---- | C] ()
     Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:51 | 000,119,810 | ---- | C] ()
     Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/23 21:47:24 | 000,029,696 | ---- | C] ()
     A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:33:26 | 000,012,235 | ---- | C] ()
     A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | C] ()
     FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:51:27 | 000,019,456 | ---- | C] ()
     A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:48 | 000,047,765 | ---- | C] ()
     You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/16 22:15:47 | 000,024,576 | ---- | C] ()
     Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:34 | 000,000,779 | ---- | C] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:19:30 | 000,001,393 | ---- | C] ()
     To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | C] ()
     kodakpcd.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\kodakpcd.ini -> [2010/01/07 14:13:42 | 000,000,022 | ---- | C] ()
     clear.log -> C:\Documents and Settings\Jay\Local Settings\Application Data\clear.log -> [2009/11/03 12:42:57 | 000,229,182 | ---- | C] ()
     Relax.ini -> C:\WINDOWS\Relax.ini -> [2008/06/06 17:31:59 | 000,000,052 | ---- | C] ()
     OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
     Svclog.log -> C:\Documents and Settings\All Users\Application Data\Svclog.log -> [2007/02/21 12:01:37 | 000,838,514 | ---- | C] ()
     dvd.bmk -> C:\Documents and Settings\Jay\Application Data\dvd.bmk -> [2007/02/02 15:34:30 | 000,003,072 | ---- | C] ()
     vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/12/15 10:20:17 | 000,010,240 | ---- | C] ()
     SBTEDrv.sys -> C:\WINDOWS\System32\drivers\SBTEDrv.sys -> [2006/10/30 09:30:30 | 000,010,032 | ---- | C] ()
     YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/10/19 12:25:56 | 000,065,536 | ---- | C] ()
     UNRAR3.dll -> C:\WINDOWS\System32\UNRAR3.dll -> [2006/09/19 18:44:25 | 000,153,088 | ---- | C] ()
     dlccpmui.dll -> C:\WINDOWS\System32\dlccpmui.dll -> [2006/09/15 13:49:03 | 000,638,976 | ---- | C] ()
     dlccins.dll -> C:\WINDOWS\System32\dlccins.dll -> [2006/09/15 13:49:03 | 000,155,648 | ---- | C] ()
     dlccinsr.dll -> C:\WINDOWS\System32\dlccinsr.dll -> [2006/09/15 13:49:03 | 000,106,496 | ---- | C] ()
     dlcccomm.dll -> C:\WINDOWS\System32\dlcccomm.dll -> [2006/09/15 13:49:02 | 000,413,696 | ---- | C] ()
     dlccpplc.dll -> C:\WINDOWS\System32\dlccpplc.dll -> [2006/09/15 13:49:02 | 000,114,688 | ---- | C] ()
     dlccvs.dll -> C:\WINDOWS\System32\dlccvs.dll -> [2006/09/15 13:49:02 | 000,040,960 | ---- | C] ()
     dlccusb1.dll -> C:\WINDOWS\System32\dlccusb1.dll -> [2006/09/15 13:49:01 | 001,134,592 | ---- | C] ()
     dlcchbn3.dll -> C:\WINDOWS\System32\dlcchbn3.dll -> [2006/09/15 13:49:01 | 000,770,048 | ---- | C] ()
     dlcclmpm.dll -> C:\WINDOWS\System32\dlcclmpm.dll -> [2006/09/15 13:49:01 | 000,483,328 | ---- | C] ()
     dlccprox.dll -> C:\WINDOWS\System32\dlccprox.dll -> [2006/09/15 13:49:01 | 000,155,648 | ---- | C] ()
     dlccserv.dll -> C:\WINDOWS\System32\dlccserv.dll -> [2006/09/15 13:49:00 | 001,183,744 | ---- | C] ()
     dlcccomc.dll -> C:\WINDOWS\System32\dlcccomc.dll -> [2006/09/15 13:49:00 | 000,704,512 | ---- | C] ()
     dlccutil.dll -> C:\WINDOWS\System32\dlccutil.dll -> [2006/09/15 13:48:59 | 000,430,080 | ---- | C] ()
     dlcccu.dll -> C:\WINDOWS\System32\dlcccu.dll -> [2006/09/15 13:48:59 | 000,073,728 | ---- | C] ()
     dlcccur.dll -> C:\WINDOWS\System32\dlcccur.dll -> [2006/09/15 13:48:59 | 000,036,864 | ---- | C] ()
     dlccinsb.dll -> C:\WINDOWS\System32\dlccinsb.dll -> [2006/09/15 13:48:58 | 000,176,128 | ---- | C] ()
     dlcccub.dll -> C:\WINDOWS\System32\dlcccub.dll -> [2006/09/15 13:48:58 | 000,086,016 | ---- | C] ()
     dlccjswr.dll -> C:\WINDOWS\System32\dlccjswr.dll -> [2006/09/15 13:48:57 | 000,131,072 | ---- | C] ()
     dlcccfg.dll -> C:\WINDOWS\System32\dlcccfg.dll -> [2006/09/15 13:48:54 | 000,069,632 | ---- | C] ()
     libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/22 18:22:20 | 000,796,584 | ---- | C] ()
     ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/31 10:32:33 | 000,000,376 | ---- | C] ()
     VistaEmail.ini -> C:\WINDOWS\VistaEmail.ini -> [2006/05/30 20:45:17 | 000,000,042 | ---- | C] ()
     iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2006/04/21 16:08:40 | 000,000,034 | ---- | C] ()
     msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/04/17 10:26:23 | 000,000,002 | ---- | C] ()
     fusioncache.dat -> C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat -> [2006/04/11 16:23:37 | 000,000,126 | ---- | C] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/03/25 15:09:47 | 000,020,480 | ---- | C] ()
     smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/03/19 11:40:09 | 000,000,061 | ---- | C] ()
     wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/03/19 11:38:07 | 000,000,126 | ---- | C] ()
     OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/03/19 11:12:30 | 000,000,475 | ---- | C] ()
     SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2005/11/02 09:39:16 | 000,040,960 | ---- | C] ()
     openports.dll -> C:\WINDOWS\System32\openports.dll -> [2005/11/02 09:39:16 | 000,024,924 | ---- | C] ()
     dlcccnv4.dll -> C:\WINDOWS\System32\dlcccnv4.dll -> [2005/04/01 10:44:16 | 000,061,440 | ---- | C] ()
     orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,891 | ---- | C] ()
     fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
     ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
     px.ini -> C:\WINDOWS\System32\px.ini -> [2004/06/09 11:19:20 | 000,000,000 | ---- | C] ()
     MSO97V.DLL -> C:\WINDOWS\System32\MSO97V.DLL -> [2002/12/09 23:00:00 | 001,708,032 | ---- | C] ()
     DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [2002/12/09 23:00:00 | 000,036,864 | ---- | C] ()
     MSORFS.DLL -> C:\WINDOWS\System32\MSORFS.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
     HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
     webzone.dll -> C:\WINDOWS\System32\webzone.dll -> [1999/03/01 19:03:28 | 000,036,864 | ---- | C] ()
     oline.dll -> C:\WINDOWS\System32\oline.dll -> [1999/02/24 02:00:28 | 000,036,864 | ---- | C] ()
     MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 18:46:58 | 000,065,536 | ---- | C] ()
     REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 08:00:00 | 000,040,448 | ---- | C] ()
     
    [Alternate Data Streams]
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
    
     
Short URL to this thread: https://techguy.org/970926
