WiredWX Hobby Weather Tools

 


Bearshare mediabar

I am stuck with a hijacked homepage on Firefox, even after uninstalling and reinstalling FF, it's been taken over by bearshare (supposedly a music P2P site) and I cannot shift it.
It's lurking as a hidden file in progs, something like bearshareC:/programs//bearshare apps./mediabar but I cannot shift it. Removed it on add-remove progs and most of it went apart from these traces.
I have tried Malwarebytes, SUPERAntiSpyware, CCleaner, Spybot, HijackThis and others but they don't see it. I know there is a long-winded regedit way to do this but never done a regedit so a bit nervous of taking that route. Any alternative (free) suggestions would be most welcome.

Re: Bearshare mediabar
Hi. Welcome.

Let's clean out these first....

Copy the text in the code box to Notepad. Save it as fixreg.reg to your desktop.
Be sure the "Save as" type is set to "all files".
Once you have saved it, double-click it and allow it to merge with the registry.



REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_CLASSES_ROOT\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\displayicon]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\DisplayName]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\NoModify]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\NoRepair]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\Path]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\Publisher]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\UninstallString]



Then..................
Please carry out the instructions that are posted.... Here
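
An added example, not part of the posts in this thread: before merging a deletion-only file like fixreg.reg, this Python script lists every key the file removes, reduces them to the smallest set of parent keys, and prints `reg export` commands that back those keys up. The function names and the `backup_NN.reg` file names are assumptions made for illustration.

```python
import re

# The .reg text from the post above, embedded so the example runs offline.
FIXREG = r"""REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_CLASSES_ROOT\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\displayicon]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\DisplayName]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\NoModify]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\NoRepair]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\Path]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\Publisher]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare mediabar\UninstallString]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Short root names accepted by reg.exe.
ROOTS = {
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CURRENT_CONFIG": "HKCC",
}

# "[-ROOT\sub\key]" deletes a key; "[ROOT\sub\key]" creates or edits one.
SECTION = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")


def parse_reg(text):
    """Return (deletes, writes): keys the file removes and keys it writes to."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: unrecognised header line")
    deletes, writes = [], []
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if not m:
            continue  # value line; it belongs to the preceding write section
        minus, root, sub = m.groups()
        if root not in ROOTS:
            raise ValueError("unknown registry root: " + root)
        key = ROOTS[root] + "\\" + sub
        (deletes if minus else writes).append(key)
    return deletes, writes


def backup_roots(keys):
    """Smallest set of keys whose export covers every key in `keys`.

    Registry paths are case-insensitive, and exporting a key includes all of
    its subkeys and values, so a child of an already selected key is skipped.
    """
    roots = []
    by_depth = sorted(set(keys), key=lambda k: (k.count("\\"), k.casefold()))
    for key in by_depth:
        folded = key.casefold()
        covered = any(
            folded == r.casefold() or folded.startswith(r.casefold() + "\\")
            for r in roots
        )
        if not covered:
            roots.append(key)
    return roots


def export_commands(roots, prefix="backup"):
    """One `reg export KeyName FileName` command per key to back up."""
    return [
        'reg export "{}" "{}_{:02d}.reg"'.format(key, prefix, i)
        for i, key in enumerate(roots, 1)
    ]


if __name__ == "__main__":
    deletes, writes = parse_reg(FIXREG)
    print("{} keys deleted, {} keys written".format(len(deletes), len(writes)))
    for cmd in export_commands(backup_roots(deletes)):
        print(cmd)
```

Run the printed commands in a command prompt before merging the file; `reg export` reports an error for any key that no longer exists, which is harmless here.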

Re: Bearshare mediabar
Problems posting OTL logs, part 1+2 or separately, "file too big" error.
Help!

Re: Bearshare mediabar

Go in parts. It's not going to be a problem.

Re: Bearshare mediabar
OK, will try in bits

OTL logfile created on: 04/01/2011 03:58:57 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 199.71 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: CHRIS-D43E51E89 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 03:56:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
PRC - [2010/12/14 20:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/11/24 18:15:11 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/12 09:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe
PRC - [2010/11/12 09:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\sfus.exe
PRC - [2010/11/12 09:31:25 | 000,821,384 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\sfagent.exe
PRC - [2010/07/17 09:53:41 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/05 19:57:03 | 000,475,136 | ---- | M] (WheresJames Software (www.wheresjames.com)) -- C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 03:56:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/11/24 18:15:11 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/11/12 09:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010/11/12 09:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\sfus.exe -- (SPAMfighter Update Service)
SRV - [2010/07/21 13:50:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/17 09:54:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/17 09:54:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2007/09/26 15:06:43 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\DKbFltr.sys -- (DKbFltr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2010/07/17 09:54:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:54:14 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/17 09:54:14 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/17 09:54:14 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/17 09:54:13 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/17 09:53:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:44:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/13 15:49:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/26 23:58:15 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/11/26 23:58:15 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2007/12/21 03:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/19 17:53:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/10/23 10:51:04 | 000,103,296 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/24 11:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 11:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 11:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 11:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 11:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/08 17:47:28 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra)
DRV - [2006/12/29 03:41:16 | 000,054,272 | R--- | M] (DAVICOM Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dm9usb.sys -- (DM9USB)
DRV - [2006/08/04 08:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/05/04 11:02:00 | 000,380,928 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/05/02 17:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 18:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/26 21:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/07 11:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/10/07 14:13:56 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530obex.sys -- (z530obex)
DRV - [2005/10/07 14:13:04 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mgmt.sys -- (z530mgmt) Sony Ericsson Z530 USB WMC Device Management Drivers (WDM)
DRV - [2005/10/07 14:12:12 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mdm.sys -- (z530mdm)
DRV - [2005/10/07 14:12:08 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530mdfl.sys -- (z530mdfl)
DRV - [2005/10/07 14:11:06 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\z530bus.sys -- (z530bus) Sony Ericsson Z530 Driver driver (WDM)
DRV - [2005/10/07 12:25:34 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2004/10/27 16:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/03/24 02:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/01/01 18:56:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/01 19:09:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 03:50:48 | 000,000,000 | ---D | M]

[2010/12/31 22:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2011/01/03 22:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions
[2011/01/01 18:58:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}(2)
[2011/01/01 18:57:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/01/01 18:57:25 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011/01/03 22:23:00 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\DefaultManager@Microsoft
[2011/01/01 18:58:25 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\en-GB@dictionaries.addons.mozilla(2).org
[2011/01/01 18:58:24 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\en-US@dictionaries.addons.mozilla(2).org
[2011/01/01 18:58:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\extensions\piclens@cooliris(2).com
[2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\searchplugins\conduit.xml
[2010/12/30 17:34:01 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\8tnfnad1.default\searchplugins\ixquick---uk.xml
[2011/01/04 03:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 03:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/06/18 06:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/08/10 04:14:16 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll
[2005/02/08 00:04:00 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll
[2011/01/04 03:24:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/09/27 17:07:22 | 000,000,947 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TweakMASTER PRO Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] C:\Documents and Settings\Chris\Desktop\sdasetup[1].exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WheresJames Startup Manager] C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe (WheresJames Software (www.wheresjames.com))
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to &LinkFox - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: FreshDownload - {73670950-D4F7-4066-96E0-88F70E25B5F8} - C:\Program Files\FreshDevices\FreshDownload\fd.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294113133203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/05 16:04:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {90953F2E-C8CE-D2DE-4A73-C0FE2D896AE0} - Outlook Express
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Compression Technologies, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54901231209938944)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 03:56:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
[2011/01/04 03:52:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/04 03:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/04 03:24:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/03 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/03 22:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/01/03 22:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/01/03 22:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Unlocker
[2011/01/03 22:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/01/02 20:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/02 20:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/01/02 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/01/02 20:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2011/01/01 21:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/01 21:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/01 20:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/01 20:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/01 20:41:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/01 19:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/01/01 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\avi
[2011/01/01 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\2007-8 invoices
[2011/01/01 18:57:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/01 18:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/01 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BT Broadband Talk Softphone
[2011/01/01 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\BT
[2011/01/01 18:56:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/01/01 18:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2011/01/01 18:56:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/01/01 18:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/01 16:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2011/01/01 16:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/01 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/01 16:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/01 16:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/31 22:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CCB
[2010/12/31 22:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My Received Files
[2010/12/24 23:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Apple Computer
[2010/12/24 23:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/24 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/24 23:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/12/24 23:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/24 23:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/24 23:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/24 23:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple Computer
[2010/12/13 16:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\nativity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Chris\Desktop\*.tmp files -> C:\Documents and Settings\Chris\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/04 03:56:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
[2011/01/04 03:50:48 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/04 03:36:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/04 03:35:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/04 03:24:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/04 03:24:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 03:24:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 03:24:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/04 03:24:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/04 03:14:12 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\fixreg.reg
[2011/01/03 22:06:31 | 000,001,120 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\eBay.lnk
[2011/01/03 22:06:31 | 000,001,120 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2011/01/03 19:39:14 | 000,000,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/02 21:05:57 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/02 21:05:57 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2011/01/02 20:38:06 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\sdasetup[1].exe
[2011/01/02 20:12:35 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/01/02 20:12:33 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/01/02 20:12:33 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Perfect Uninstaller.lnk
[2011/01/02 17:59:21 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/01 21:10:47 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/01 20:41:51 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/01 20:41:51 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/01 19:09:54 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/01 19:09:54 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/31 22:01:40 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/12/31 18:41:37 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\CRASH SCORECARD.doc
[2010/12/31 15:41:09 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cards20.gif
[2010/12/31 15:41:04 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cards17.gif
[2010/12/31 15:40:53 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cards32.gif
[2010/12/31 15:40:47 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cards30.gif
[2010/12/31 15:40:40 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cards29.gif
[2010/12/30 11:19:13 | 000,005,892 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\435305-Royalty-Free-RF-Clipart-Illustration-Of-A-3d-Black-Club-Playing-Card-Button.jpg
[2010/12/28 21:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/28 18:59:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\RAY ELAINE CHRIS RAY ELAINE CHRIS.doc
[2010/12/26 14:45:04 | 000,027,727 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\michael-jackson_history_vol11.jpg
[2010/12/25 06:01:34 | 006,426,710 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_0000.mp4
[2010/12/20 20:18:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\pc build 12-10.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Chris\Desktop\*.tmp files -> C:\Documents and Settings\Chris\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 03:50:48 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/04 03:14:12 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\fixreg.reg
[2011/01/03 22:06:31 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\eBay.lnk
[2011/01/03 22:06:31 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2011/01/03 19:38:28 | 000,000,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/02 20:38:07 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\sdasetup[1].exe
[2011/01/02 20:12:35 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/01/02 20:12:33 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/01/02 20:12:33 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Perfect Uninstaller.lnk
[2011/01/02 20:02:34 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Internet Explorer.lnk
[2011/01/01 21:10:47 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/01 20:41:51 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/01 20:41:51 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/31 22:01:40 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/12/31 15:41:09 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cards20.gif
[2010/12/31 15:41:04 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cards17.gif
[2010/12/31 15:40:53 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cards32.gif
[2010/12/31 15:40:47 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cards30.gif
[2010/12/31 15:40:40 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cards29.gif
[2010/12/30 14:31:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\CRASH SCORECARD.doc
[2010/12/30 11:16:47 | 000,005,892 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\435305-Royalty-Free-RF-Clipart-Illustration-Of-A-3d-Black-Club-Playing-Card-Button.jpg
[2010/12/28 18:59:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\RAY ELAINE CHRIS RAY ELAINE CHRIS.doc
[2010/12/26 14:45:04 | 000,027,727 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\michael-jackson_history_vol11.jpg
[2010/12/26 14:13:10 | 006,426,710 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_0000.mp4
[2010/12/24 23:27:02 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/13 21:19:09 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\pc build 12-10.doc
[2009/06/23 21:50:55 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/06/23 21:50:55 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/06/12 22:46:44 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/05/06 13:08:17 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/09/27 16:39:19 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007/09/27 16:39:19 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007/09/27 16:39:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2007/09/27 16:39:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/27 16:39:18 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/27 16:39:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2007/09/12 18:27:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/26 15:20:44 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2007/07/17 10:53:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/07 16:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2007/04/03 15:06:41 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/08 17:47:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2007/03/05 18:53:52 | 000,210,944 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/05 18:41:32 | 000,000,104 | R--- | C] () -- C:\WINDOWS\hpw1100k.ini
[2007/03/05 18:39:26 | 000,014,671 | ---- | C] () -- C:\WINDOWS\hpbj1100.ini
[2007/03/05 16:10:09 | 000,020,069 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/03/05 16:09:28 | 000,019,744 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/03/05 16:09:27 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/03/05 16:09:24 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/05 14:48:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 12:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

Re: Bearshare mediabar

Other half of first log:

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/03/05 16:04:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/02/11 20:56:59 | 000,001,522 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2007/03/05 16:04:21 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/03/05 16:09:12 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/03/05 16:09:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2007/10/15 19:26:59 | 023,402,288 | ---- | M] ( ) -- C:\Documents and Settings\Chris\Desktop\AdbeRdr810_en_US.exe
[2009/03/22 21:40:07 | 009,596,744 | ---- | M] (Avery ) -- C:\Documents and Settings\Chris\Desktop\averywizard_3_1_en_uk.exe
[2007/07/17 10:43:09 | 013,308,682 | ---- | M] (Avery ) -- C:\Documents and Settings\Chris\Desktop\avery_wizard_3_1_uk.exe
[2003/04/22 20:02:14 | 000,135,168 | ---- | M] (AVIPreview by AJ) -- C:\Documents and Settings\Chris\Desktop\AVIPreview.exe
[2007/10/16 10:26:16 | 000,798,244 | ---- | M] (Joshua F. Madison ) -- C:\Documents and Settings\Chris\Desktop\ConvertSetup.exe
[2008/05/06 13:07:58 | 001,157,392 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\couponprinter.exe
[2009/03/03 18:58:22 | 002,565,056 | ---- | M] (IObit ) -- C:\Documents and Settings\Chris\Desktop\DefragSetup(3).exe
[2008/05/31 20:22:27 | 018,289,392 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Chris\Desktop\DivXInstaller.exe
[2007/09/26 17:01:06 | 000,053,760 | ---- | M] (Tolunay Orkun) -- C:\Documents and Settings\Chris\Desktop\DRTCP021.exe
[2009/06/27 19:21:13 | 077,738,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\ExcelViewer.exe
[2009/11/28 21:08:00 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\FileFormatConverters.exe
[2007/03/05 18:27:18 | 005,808,632 | ---- | M] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 2.0.0.2.exe
[2009/08/06 22:28:19 | 007,872,680 | ---- | M] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 3.5.2.exe
[2008/07/16 20:51:47 | 000,306,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Chris\Desktop\GoogleEarthPluginSetup_en.exe
[2008/03/20 10:40:47 | 034,130,184 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Chris\Desktop\GoogleSketchUpWEN(2).exe
[2007/06/02 18:35:41 | 015,732,984 | ---- | M] (Google ) -- C:\Documents and Settings\Chris\Desktop\Google_Earth_BZXD.exe
[2005/02/16 11:06:00 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Chris\Desktop\HijackThis.exe
[2007/10/09 06:42:55 | 005,809,216 | ---- | M] (Hypnotizer) -- C:\Documents and Settings\Chris\Desktop\hyplay.exe
[2007/06/16 21:16:38 | 001,591,515 | ---- | M] (WheresJames.com) -- C:\Documents and Settings\Chris\Desktop\InstallAPClockPlayer.exe
[2008/11/04 12:26:37 | 002,165,104 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Chris\Desktop\InstallSnapfishPluginV3.exe
[2007/09/27 18:35:05 | 005,970,944 | ---- | M] (Irfan Skiljan) -- C:\Documents and Settings\Chris\Desktop\irfanview_plugins_400_setup.exe
[2007/03/13 19:14:46 | 000,763,144 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IsoBurner-Setup.exe
[2009/02/03 21:13:16 | 002,267,648 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\photoeditor180.exe
[2009/04/30 10:42:06 | 002,273,024 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\photoeditor200.exe
[2007/07/17 10:06:40 | 001,592,068 | ---- | M] (Anderson Wilson ) -- C:\Documents and Settings\Chris\Desktop\Presilo-EN.exe
[2009/01/28 07:33:39 | 007,514,704 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Chris\Desktop\rminstall.exe
[2011/01/02 20:38:06 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\sdasetup[1].exe
[2009/09/26 18:50:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Chris\Desktop\setup-spybotsd162.exe
[2008/10/12 23:03:35 | 000,589,312 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Shared Writings Poetry 1(2).exe
[2008/01/14 00:05:38 | 000,589,312 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Shared Writings Poetry 1.exe
[2007/07/22 19:52:49 | 003,673,600 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\sitegwi.exe
[2009/06/10 19:55:12 | 001,000,616 | ---- | M] (SPAMfighter ApS) -- C:\Documents and Settings\Chris\Desktop\slow-pcfighter_Web.exe
[2000/10/16 13:30:56 | 000,217,088 | ---- | M] (65 Systems) -- C:\Documents and Settings\Chris\Desktop\SpaceMonger.exe
[2009/04/09 19:49:18 | 001,699,576 | ---- | M] (SPAMfighter ApS) -- C:\Documents and Settings\Chris\Desktop\spamfighter_web.exe
[2007/10/19 08:14:56 | 000,881,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\WGAPluginInstall.exe
[2007/11/02 14:23:12 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\wmp11-windowsxp-x86-enu.exe
[2007/05/16 13:08:30 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\wmpfirefoxplugin.exe
[2009/06/19 22:34:47 | 233,139,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\X12-30247.exe
[1 C:\Documents and Settings\Chris\Desktop\*.tmp files -> C:\Documents and Settings\Chris\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2002/03/11 08:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\My Documents\instmsia.exe
[2002/03/11 09:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\My Documents\instmsiw.exe
[2006/11/13 16:31:40 | 000,315,392 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\setup.exe

< %USERPROFILE%\*.exe >
[2007/12/13 10:59:03 | 000,557,056 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Chris\GoToAssist_phone__306_en.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/03 19:43:55 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/03 19:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/03 19:43:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/03 19:43:55 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/03/05 16:09:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Chris\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/03/05 13:51:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/03/05 13:51:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/03/05 13:51:27 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 12:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 12:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 12:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 12:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 12:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/03/24 02:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys
[2004/08/04 12:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 12:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 12:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 12:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 12:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 12:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/04 12:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2008/09/15 11:57:41 | 001,846,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2007/12/21 02:17:24 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2007/03/05 16:04:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/05 15:59:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/03/05 16:04:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/19 06:38:23 | 000,000,360 | ---- | M] () -- C:\drmHeader.bin
[2007/03/05 16:04:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/04 03:32:06 | 000,021,586 | ---- | M] () -- C:\JavaRa.log
[2010/12/26 18:35:57 | 000,004,274 | ---- | M] () -- C:\LU4.log
[2007/03/05 16:04:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 12:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/04 03:35:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/10/02 07:17:27 | 000,007,790 | ---- | M] () -- C:\resetlog.txt

< %PROGRAMFILES%\*. >
[2007/10/30 13:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\3B Software
[2009/03/22 22:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Actual Moon 3D
[2007/03/13 19:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Ad Muncher
[2011/01/04 03:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/16 21:18:50 | 000,000,000 | ---D | M] -- C:\Program Files\Amazing Planet
[2007/03/05 16:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2007/03/15 19:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\AntiSpam Engine
[2011/01/01 18:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/09/27 16:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\Ascentive
[2011/01/04 03:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2007/03/05 15:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2007/03/05 16:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2009/03/22 21:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Avery
[2009/11/26 23:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/01/03 22:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2009/12/05 22:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2011/01/01 18:59:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/01/01 18:57:00 | 000,000,000 | ---D | M] -- C:\Program Files\BT Broadband Talk Softphone
[2007/12/13 22:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\BT Home Hub
[2007/11/02 14:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Codec
[2011/01/03 19:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/03/05 16:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/05/06 13:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Coupon Printer
[2007/12/17 20:57:46 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2010/02/28 21:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Dan Elwell's Broadband Speed Test
[2009/07/09 21:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/01/14 08:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2007/09/27 16:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\DU Meter
[2011/01/04 03:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Fighters
[2008/06/30 21:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\FreshDevices
[2010/03/24 22:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/01/03 21:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\GraphicView32
[2007/03/05 16:52:46 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2007/03/05 18:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/01/02 20:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2009/11/28 20:59:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/03/05 16:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/12/12 20:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/05 22:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/12/24 23:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/11/21 15:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/01/01 18:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/04 03:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/10/16 10:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\JoshMadison
[2007/04/03 15:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2011/01/03 21:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\LANguard Network Scanner
[2007/03/13 19:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\LSoft Technologies
[2011/01/01 20:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/22 22:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/01/03 22:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/07/17 10:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/03/05 16:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/11/28 21:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/01/03 22:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/03/22 22:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/07/17 10:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2003
[2007/03/05 16:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/01/01 19:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 21:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007/03/05 16:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/03/05 16:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/03/17 01:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/05 16:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/12/19 20:10:29 | 000,000,000 | ---D | M] -- C:\Program Files\Network Stumbler
[2011/01/04 03:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/03/05 16:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/03/07 18:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.1
[2010/03/16 20:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\Optimal Programs
[2007/06/13 09:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/01/02 20:12:33 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect Uninstaller
[2009/03/22 22:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\PIXresizer
[2007/07/17 10:07:12 | 000,000,000 | ---D | M] -- C:\Program Files\Presilo
[2011/01/01 18:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2002/01/01 00:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/06/20 22:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2009/12/28 00:20:51 | 000,000,000 | ---D | M] -- C:\Program Files\SIW
[2010/03/22 23:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Smart2DCutting
[2007/12/26 17:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2010/11/21 14:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\SPAMfighter
[2011/01/02 21:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/05 19:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2011/01/01 21:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/03/22 22:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel
[2007/09/27 16:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\TweakMASTER
[2007/03/05 16:09:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/03/19 18:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Univision Canada Limited
[2011/01/03 22:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/01/03 21:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\UP
[2009/05/09 19:41:54 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/03/05 19:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\WheresJames
[2009/03/22 22:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/03/31 17:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007/03/05 16:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/03/05 16:03:26 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/03/05 16:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/08/03 22:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2007/03/05 14:48:25 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Chris\Application Data\desktop.ini
[2010/08/27 13:09:03 | 000,070,112 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-02-26 20:00:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: Bearshare mediabar

OTL Extras logfile created on: 04/01/2011 03:58:57 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 199.71 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: CHRIS-D43E51E89 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EA44599-1E9D-4517-A088-9588A9FAB211}" = AirPlus G
"{1D0AB230-E7BC-41CB-A50C-F282273E897B}" = SPAMfighter Client
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{242B9150-74EC-4606-AAB1-2F0C719378D7}" = hp business inkjet 1100
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{43983EB4-43DC-4C3D-9712-1EF592A31CA8}" = OpenOffice.org 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56FBF401-0D15-4BA7-B7EE-2BECD86FC8DA}" = LANguard Network Scanner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0 PDF Edition
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"Clock Player 1.4" = Clock Player 1.4
"Codec_is1" = Codec 8.1 build 4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer2.0" = Coupon Printer
"cutting" = Cutting Optimization pro
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"dumeter3_is1" = DU Meter
"Google Desktop" = Google Desktop
"GraphicView 32" = GraphicView 32
"HijackThis" = HijackThis 1.99.1
"Intelligent Remote Module" = Intelligent Remote Module
"IObit SmartDefrag Beta 2.1_is1" = IObit SmartDefrag Beta 2.1
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.88 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer 2.0.3
"Presilo Label Builder_is1" = Presilo 0.4.3.0
"Smart2DCutting_is1" = Smart2DCutting 3.2 Demo
"SPAMfighter" = SPAMfighter
"twkmastr1_is1" = TweakMASTER
"Unlocker" = Unlocker 1.9.0
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"WheresJames Startup Manager 2.22" = WheresJames Startup Manager 2.22
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/04/2009 05:40:16 | Computer Name = CHRIS-D43E51E89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 16/04/2009 17:01:35 | Computer Name = CHRIS-D43E51E89 | Source = Application Error | ID = 1000
Description = Faulting application i_view32.exe, version 4.1.0.0, faulting module
mpg.dll, version 3.9.7.0, fault address 0x000011d0.

Error - 20/04/2009 14:57:31 | Computer Name = CHRIS-D43E51E89 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 20/04/2009 15:03:41 | Computer Name = CHRIS-D43E51E89 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 21/04/2009 14:18:48 | Computer Name = CHRIS-D43E51E89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 29/04/2009 04:05:14 | Computer Name = CHRIS-D43E51E89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 06/05/2009 17:28:21 | Computer Name = CHRIS-D43E51E89 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 27/05/2009 15:41:23 | Computer Name = CHRIS-D43E51E89 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x051322d4.

Error - 09/06/2009 16:40:46 | Computer Name = CHRIS-D43E51E89 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 13/12/2009 06:45:39 | Computer Name = CHRIS-D43E51E89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 03/01/2011 23:34:28 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:28 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:28 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:28 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:28 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:29 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:34:29 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2011 23:35:49 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 03/01/2011 23:35:49 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3758161981
(0xE001003D).

Error - 03/01/2011 23:35:49 | Computer Name = CHRIS-D43E51E89 | Source = Service Control Manager | ID = 7001
Description = The AVG E-mail Scanner service depends on the AVG WatchDog service
which failed to start because of the following error: %%1066


< End of report >

Re: Bearshare mediabar

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.


Please download the OTM.exe by OldTimer.

Save it to your Desktop.
Please double-click OTM.exe to run it.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Code:


:Processes
explorer.exe
:otl
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
:folder
:Files
:reg
:services
:Commands
[clearallrestorepoints]
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]


Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.
Click the red Moveit! button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.


Re: Bearshare mediabar

OTM log

All processes killed
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <:otl> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret <:folder> in the current context!
========== FILES ==========
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 6095951 bytes
->Temporary Internet Files folder emptied: 157438088 bytes
->Java cache emptied: 427685 bytes
->FireFox cache emptied: 16307491 bytes
->Flash cache emptied: 5516 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2568008 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1129784 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 23196431 bytes

Total Files Cleaned = 200.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01042011_193621

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Bearshare mediabar

Malwarebytes log


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5460

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/01/2011 19:47:12
mbam-log-2011-01-04 (19-47-12).txt

Scan type: Quick scan
Objects scanned: 129102
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Bearshare mediabar

Ok. All done. Log looks good!



Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention


=============================




Last edited by Pancake on 4th January 2011, 9:44 pm; edited 1 time in total

Re: Bearshare mediabar

Before I do that, I have to mention that the bearshare still has my Firefox homepage.......Is there something else buried that's revitalising itself?

Re: Bearshare mediabar

I don't use FireFox myself so all I can suggest is that you uninstall and reinstall a fresh copy.

Re: Bearshare mediabar

Still have bearshare hogging the firefox browser, also keep getting an error msg, jusched has to close

AppName: jusched.exe AppVer: 2.0.2.4 ModName: user32.dll
ModVer: 5.1.2600.3099 Offset: 0001e69c

I have run the cleanup tool as suggested.

Re: Bearshare mediabar

I have just uninstalled firefox and downloaded and installed the latest version and it has immediately been taken over by bearshare...........
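
The five preferences named in the OTM script earlier in this thread are stored in the Firefox profile's prefs.js (a user.js in the same folder, if present, is re-applied at every start), so they can be checked directly. The following is an added example, not part of the original thread or of any tool used in it: it parses prefs-file text and reports which of those preferences contain a marker string. The function names and the sample input are constructed for illustration.

```python
import re

# Preference names taken from the OTM script posted in this thread.
WATCHED_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

# One line of prefs.js / user.js: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

def parse_prefs(text):
    """Return {name: value}; lines that are not pref calls are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        value = m.group(2)
        # Strip the surrounding quotes from string values.
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[m.group(1)] = value  # a later line overrides an earlier one
    return prefs

def find_hijacked(text, marker="bearshare"):
    """Return the watched prefs whose value contains marker (case-insensitive)."""
    prefs = parse_prefs(text)
    return {name: prefs[name] for name in WATCHED_PREFS
            if name in prefs and marker.lower() in prefs[name].lower()}

# Constructed sample in prefs.js format, using the values quoted in the thread.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.bearshare.com/");
user_pref("browser.search.selectedEngine", "BearShare Web Search");
user_pref("keyword.URL", "http://search.bearshare.com/web?src=ffb&systemid=2&q=");
user_pref("app.update.enabled", true);
'''

if __name__ == "__main__":
    for name, value in find_hijacked(SAMPLE_PREFS).items():
        print(f"{name} = {value}")
```

Run it against the text of both prefs.js and user.js from the profile folder, with Firefox closed, since Firefox rewrites prefs.js on exit.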
