Could you please take a look at these logs and tell me if I need to do anything else, please? I did run SAS a few times and Avira. But until I ran Malwarebytes, Avira didn't show yesterday's baddies?
........................
Malwarebytes log.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
the boss :: FRONTROOM [administrator]
11/01/2014 21:57:11
mbam-log-2014-01-11 (21-57-11).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343704
Time elapsed: 3 hour(s), 29 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000077.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000079.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000080.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000081.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000082.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000103.dll (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000104.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
(end)
.......................
OTL logfile created on: 12/01/2014 02:44:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\the boss\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
989.48 Mb Total Physical Memory | 666.61 Mb Available Physical Memory | 67.37% Memory free
1.21 Gb Paging File | 0.75 Gb Available in Paging File | 61.96% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.11 Gb Total Space | 15.16 Gb Free Space | 45.78% Space Free | Partition Type: NTFS
Computer Name: FRONTROOM | User Name: the boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\the boss\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
PRC - C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\TimerManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\AppProperties.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\Marshaller.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComRT.dll ()
MOD - C:\WINDOWS\system32\stlport_4_0_0_DDR.dll ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (FspadSvc) -- C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (fspad) -- C:\WINDOWS\system32\drivers\fspad.sys (Asia Vital Components Co.,Ltd.)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\incdrec.sys (Ahead Software AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\incdpass.sys (Ahead Software)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\incdfs.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys (Logitech Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1AB9E258-1622-499D-9B70-E06C8CCB79C6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{6638B77B-D0DF-461F-9133-220D6020A463}: "URL" = http://images.search.yahoo.com/searc...erms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9D9EFC7F-8E7D-4CF9-80C4-ECEB6B6FD37F}: "URL" = http://local.yahoo.com/results?stx={...erms}&fr=yie7c
IE - HKLM\..\SearchScopes\{BF1521BC-70FF-4303-9EC1-21ACA993D9BD}: "URL" = http://news.search.yahoo.com/search/...erms}&fr=yie7c
IE - HKLM\..\SearchScopes\{C60EBE12-0A1D-4B8B-82D6-5CFD294BE6C7}: "URL" = http://shopping.yahoo.com/search?p={...erms}&fr=yie7c
IE - HKLM\..\SearchScopes\{DBF4149D-43D5-4B05-A96F-6B51870D738F}: "URL" = http://video.yahoo.com/video/search?...erms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...ox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{25E0768B-6F96-40D2-9DA9-79C70260C4B8}: "URL" = http://news.search.yahoo.com/search/...erms}&fr=yie7c
IE - HKCU\..\SearchScopes\{5F73C9FE-755D-49CD-8C8B-034C82732AB3}: "URL" = http://local.yahoo.com/results?stx={...erms}&fr=yie7c
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.com/search?q={sear...outputEncoding?}
IE - HKCU\..\SearchScopes\{A4002216-F71B-4F3E-854B-03A3FA149AB0}: "URL" = http://shopping.yahoo.com/search?p={...erms}&fr=yie7c
IE - HKCU\..\SearchScopes\{B909E871-1F49-4D21-AEB2-98823825B616}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C02A4BE6-7476-4A95-B030-419A9F09FBEB}: "URL" = http://images.search.yahoo.com/searc...erms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC0D0CF2-665C-4255-BE0C-1BBC2B661B79}: "URL" = http://answers.yahoo.com/search/sear...erms}&fr=yie7c
IE - HKCU\..\SearchScopes\{ED5D69C1-8340-438F-A1BD-75E72A38D2B0}: "URL" = http://video.yahoo.com/video/search?...erms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
[2013/12/10 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://start.mysearchdial.com/?f=1&a...=1916909073&ir=
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/04 01:30:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.co...s/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...lscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1342012978515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/Ms...Downloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543330AD-2D59-4599-BF95-E62FDE47BA3E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^wayne^Start Menu^Programs^Startup^wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/01/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2014/01/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/11 21:32:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\the boss\Recent
[2014/01/11 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Local Settings\Application Data\Meltytech
[2014/01/11 20:39:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\picvids
[2014/01/11 20:33:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\wayne music
[2014/01/11 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\to adust window up-dater (bits)
[2014/01/11 19:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\MOGS
[2014/01/11 19:14:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\my pictures 1
[2014/01/11 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\My Playlists
[2014/01/11 15:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2013-10-18, Grace
[2014/01/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2010 me
[2014/01/11 15:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\History
[2014/01/11 13:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\waynemorris112183024717
[2014/01/11 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\dogs2
[2014/01/11 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\pdf files
[2014/01/11 12:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/10 00:16:18 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/09 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\DigitalSites
[2014/01/05 12:24:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/04 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/04 01:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/04 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/04 01:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/02 13:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/02 11:05:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 00:05:51 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/17 16:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com
[2013/12/15 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\Avira
[2013/12/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/13 03:25:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Repair
[2013/12/13 03:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013/12/13 03:12:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/12/13 03:12:08 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/12/13 03:12:08 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/13 03:12:08 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
========== Files - Modified Within 30 Days ==========
[2014/01/12 02:16:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/12 02:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/11 20:17:08 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 20:15:32 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/11 13:54:50 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/09 21:01:12 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT
[2014/01/09 21:01:11 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG
[2014/01/09 12:24:22 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf
[2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/26 20:29:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/12/22 12:46:18 | 001,028,034 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2013/12/21 16:49:56 | 000,093,316 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2013/12/18 02:19:12 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf
[2013/12/18 02:13:10 | 000,133,878 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf
[2013/12/16 12:22:16 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2013/12/14 23:32:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/13 03:12:58 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013/12/13 03:00:26 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2014/01/11 20:40:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\262.rtf
[2014/01/11 14:40:05 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2014/01/11 14:39:47 | 005,742,396 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Macy Gray I Try.wma
[2014/01/11 14:39:28 | 003,174,852 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Hu_s_on_First.wmv
[2014/01/11 14:38:54 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\home swappers emails.rtf
[2014/01/11 14:38:20 | 000,007,117 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\how could you.rtf
[2014/01/11 14:37:06 | 001,028,034 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2014/01/11 14:34:09 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\marxbrosvid.rtf
[2014/01/11 14:27:43 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.rtf
[2014/01/11 14:27:18 | 000,006,373 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\cameron.rtf
[2014/01/11 14:27:18 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\CARE HOME PETITION.rtf
[2014/01/11 14:27:14 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads obituary.rtf
[2014/01/11 14:27:14 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\appeal video.rtf
[2014/01/11 14:25:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Kasperksky.rtf
[2014/01/11 14:21:17 | 000,011,709 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\IDS at autswitch.rtf
[2014/01/11 14:18:57 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Mcv.rtf
[2014/01/11 14:14:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\council tax.rtf
[2014/01/11 14:13:46 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads family.rtf
[2014/01/11 14:13:09 | 000,010,783 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list1.rtf
[2014/01/11 14:13:09 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list.rtf
[2014/01/11 14:13:09 | 000,004,680 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list2.rtf
[2014/01/11 14:12:43 | 000,011,782 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Calum and peters list.rtf
[2014/01/11 14:12:03 | 000,011,867 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\blair.rtf
[2014/01/11 14:11:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 14:10:40 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\100 tory **** ups.rtf
[2014/01/11 14:08:59 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mirosoft update fixer.rtf
[2014/01/11 14:07:06 | 000,093,316 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2014/01/11 14:04:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mums obituary.rtf
[2014/01/11 14:04:22 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Nelson passed away.rtf
[2014/01/11 14:03:54 | 000,071,914 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\parliament.rtf
[2014/01/11 14:03:54 | 000,037,033 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\paedos.rtf
[2014/01/11 14:03:01 | 000,031,278 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\petes list.rtf
[2014/01/11 13:54:50 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 13:31:15 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\New Playlist.wpl
[2014/01/11 13:30:07 | 000,005,159 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Now Playing.wpl
[2014/01/11 13:30:07 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\HIS.wpl
[2014/01/11 13:30:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.wpl
[2014/01/11 13:30:07 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Untitled Playlist.wpl
[2014/01/11 13:14:37 | 000,069,897 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\0539c9a8-ed62-4af3-b0ff-f9b107d151cc_zpsec3eaa2f.jpg
[2014/01/09 21:01:12 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT
[2014/01/09 21:01:07 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG
[2014/01/09 13:31:27 | 000,006,008 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\the Mccann case.rtf
[2014/01/09 12:24:22 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf
[2014/01/04 01:13:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/01/04 01:13:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/26 20:29:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/12/18 02:19:12 | 000,001,313 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf
[2013/12/18 02:13:10 | 000,133,878 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf
[2013/12/14 23:32:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/13 03:12:58 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/09/27 10:01:09 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/23 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\wklnhst.dat
[2006/12/14 08:05:35 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
========== ZeroAccess Check ==========
[2005/09/09 17:56:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/07/11 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2007/07/12 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2013/03/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/04/08 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\*******
[2008/10/30 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2014/01/11 10:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/09 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\DigitalSites
[2012/05/24 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\ElevatedDiagnostics
[2010/12/12 00:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Opera
[2012/05/02 20:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Oracle
[2005/09/09 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SampleView
[2014/01/09 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SumatraPDF
[2012/09/11 09:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Template
[2009/12/29 05:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: FUJITSU MHT2040AT
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 33.00GB
Starting Offset: 4449876480
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 32256
Hidden sectors: 0
< %SYSTEMDRIVE%\*.* >
[2005/09/09 17:51:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/16 15:47:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006/12/12 21:24:45 | 000,033,553 | ---- | M] () -- C:\caavsetupLog.txt
[2006/12/13 01:44:30 | 000,015,012 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2014/01/04 01:35:38 | 000,010,929 | ---- | M] () -- C:\ComboFix.txt
[2005/09/09 17:51:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/09 17:51:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/02/05 23:05:52 | 000,001,647 | -H-- | M] () -- C:\IPH.PH
[2005/09/12 17:45:51 | 000,000,021 | ---- | M] () -- C:\LOCAL
[2010/05/02 12:50:14 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/09/12 17:45:51 | 000,000,021 | ---- | M] () -- C:\MINI
[2005/09/09 17:51:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/23 11:27:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/01/12 02:11:35 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2009/03/27 22:27:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/28 13:08:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/28 14:37:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/29 16:37:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/14 17:45:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/15 21:10:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/21 02:36:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/24 10:40:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/24 10:42:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/02 00:07:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/02 23:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/03 00:10:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/15 03:54:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/27 22:27:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/28 13:08:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/28 14:37:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/29 16:37:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/14 17:45:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/15 21:10:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/21 02:36:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/24 10:40:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/24 10:42:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/02 00:07:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/02 23:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/03 00:10:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/15 03:54:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2005/09/09 10:43:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/09/09 10:43:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/09/09 10:43:42 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\* >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/01/26 06:21:10 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/01/26 06:21:10 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"
< >
[2005/09/09 17:38:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/09/09 17:54:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
.............................
extra
OTL Extras logfile created on: 12/01/2014 02:44:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\the boss\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
989.48 Mb Total Physical Memory | 666.61 Mb Available Physical Memory | 67.37% Memory free
1.21 Gb Paging File | 0.75 Gb Available in Paging File | 61.96% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.11 Gb Total Space | 15.16 Gb Free Space | 45.78% Space Free | Partition Type: NTFS
Computer Name: FRONTROOM | User Name: the boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{373B90E1-A28C-434C-92B6-7281AFA6115A}" = WOT for Internet Explorer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{55aab41f-5d5c-abdf-4568-baef7658