WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

spotify problem

Started by fixer-man_nick , Apr 01 2011 05:38 PM

This topic is locked

16 replies to this topic

#1 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 01 April 2011 - 05:38 PM

I am one of the many people affected by this problem. I hope you can help me. The only issues I have are with spotify I cannot use it or remove it without the computer freezing. If I try to remove spotify Avast prompts to use the 'sandbox' (I don't know what that means). It suggests that the files listed below are infected.

c:\program files\spotify\uninstall.exe

c:\windows\system32\rundll32.exe

Any help would be much appreciated.

Nick

OTL logfile created on: 02/04/2011 00:06:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicholas\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 82.38 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-E765D1 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
PRC - C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe (Entriq, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10MT1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- File not found
SRV - (CarboniteService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\IntelS51.sys (Intel Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/02/23 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 19:59:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 19:59:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 01:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/23 12:33:33 | 000,000,000 | ---D | M]

[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions
[2011/03/31 12:33:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:49:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/12 19:47:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/02 22:13:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 12:33:58 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/12/04 18:34:35 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2006/12/24 14:42:21 | 000,000,000 | ---D | M] (fraudeliminator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{AEA25BF2-82A7-481c-9E0C-2639C802D17A}
[2009/02/08 22:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/08/26 00:36:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/26 14:24:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/11 21:52:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/08/25 23:20:52 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\firetorrent@radicalsoft.com
[2010/06/11 18:32:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\searchplugins\ask.uk.xml
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 21:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 22:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 20:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 19:08:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/02/07 12:08:22 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/05/08 21:58:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2005/06/01 23:26:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FEMozMod.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/14 19:47:20 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2011/03/09 15:16:03 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/09 15:16:03 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/09 15:16:03 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/09 15:16:03 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 20:56:16 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (FraudEliminator) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.3.4\FETB.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [five Media Manager Tray] C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} http://download.five...ive_3_4_0_8.cab (five Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231005245375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://download.five...0_10_Silent.cab (MediaControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.brita...perSetupSP1.cab (JuniperSetupSP1 Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 09:49:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65878755301654528)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 21:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/04 00:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/04 00:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/04 00:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 23:07:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/01 23:05:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 22:45:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 10:47:47 | 000,453,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 10:47:46 | 000,074,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 23:41:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/09 00:37:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 00:53:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/26 21:09:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/26 02:19:36 | 000,048,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/19 20:29:42 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/09/06 15:22:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\eappcfg.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 13:25:11 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/23 19:34:13 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/03/04 19:51:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 13:34:49 | 000,096,249 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/02/15 13:34:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/02/15 13:34:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/02/15 13:34:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/02/15 13:34:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/02/15 13:34:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/02/15 13:34:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/02/15 13:34:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/02/15 13:34:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/02/15 13:34:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/02/15 13:34:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/02/15 13:34:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/02/15 13:34:49 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/15 13:32:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE C48EU.ini
[2005/12/25 16:05:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Rtusd.dll
[2005/12/25 16:05:21 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\RTUSD.INI
[2005/12/25 16:05:20 | 000,290,816 | ---- | C] () -- C:\WINDOWS\Carmctrl.dll
[2005/12/17 23:36:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2005/09/14 17:52:04 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Q-PLUS.INI
[2005/07/11 14:46:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/07/11 12:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 12:59:37 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/11 12:59:09 | 000,007,724 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/25 19:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2005/06/25 17:15:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/25 15:32:41 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/25 10:38:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/25 10:37:40 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/25 10:13:38 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/25 09:57:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/06/25 09:57:33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/06/25 09:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/06/25 09:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2005/06/25 09:57:26 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/06/25 09:57:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/06/25 09:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/06/25 09:56:47 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/06/25 09:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/06/25 09:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/25 09:46:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,453,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,074,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/15 18:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 02:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/08 00:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2007/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/08/03 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2010/06/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/03 08:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/18 15:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/09/21 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/02/15 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/03/13 00:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/09 01:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 16:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 00:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/05 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Active Disk
[2010/07/02 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\CheckPoint
[2010/07/24 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/02/15 13:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\EPSON
[2010/04/03 03:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\GARMIN
[2010/07/04 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Haihaisoft
[2010/07/04 22:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Haihaisoft Universal Player
[2010/08/24 17:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Juniper Networks
[2010/08/21 16:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Opera
[2010/06/11 18:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Radical Software Ltd
[2011/02/27 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Spotify
[2010/10/31 14:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Thunderbird
[2010/05/20 20:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Uniblue
[2010/05/24 01:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Windows Desktop Search
[2010/05/21 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/06/25 09:49:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/06/25 09:43:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/13 22:42:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/06/25 09:49:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/06/25 09:49:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/25 09:49:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/06 21:27:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/01 23:05:12 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/06/25 09:48:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2001/07/26 10:23:32 | 000,134,928 | ---- | M] (Xerox) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\XCP2JPS.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/06/25 10:36:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/25 10:36:48 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/25 10:36:48 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/06 21:37:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/11 23:40:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/06/25 09:54:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/01/30 14:31:48 | 004,310,568 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\WebUpdater_241.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 21:02:01

< End of report >

OTL logfile created on: 02/04/2011 00:06:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicholas\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 82.38 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-E765D1 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
PRC - C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe (Entriq, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10MT1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- File not found
SRV - (CarboniteService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\IntelS51.sys (Intel Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/02/23 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 19:59:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 19:59:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 01:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/23 12:33:33 | 000,000,000 | ---D | M]

[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions
[2011/03/31 12:33:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:49:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/12 19:47:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/02 22:13:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 12:33:58 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/12/04 18:34:35 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2006/12/24 14:42:21 | 000,000,000 | ---D | M] (fraudeliminator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{AEA25BF2-82A7-481c-9E0C-2639C802D17A}
[2009/02/08 22:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/08/26 00:36:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/26 14:24:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/11 21:52:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/08/25 23:20:52 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\firetorrent@radicalsoft.com
[2010/06/11 18:32:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\searchplugins\ask.uk.xml
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 21:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 22:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 20:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 19:08:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/02/07 12:08:22 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/05/08 21:58:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2005/06/01 23:26:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FEMozMod.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/14 19:47:20 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2011/03/09 15:16:03 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/09 15:16:03 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/09 15:16:03 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/09 15:16:03 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 20:56:16 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (FraudEliminator) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.3.4\FETB.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [five Media Manager Tray] C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} http://download.five...ive_3_4_0_8.cab (five Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231005245375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://download.five...0_10_Silent.cab (MediaControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.brita...perSetupSP1.cab (JuniperSetupSP1 Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 09:49:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65878755301654528)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 21:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/04 00:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/04 00:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/04 00:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 23:07:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/01 23:05:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 22:45:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 10:47:47 | 000,453,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 10:47:46 | 000,074,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 23:41:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/09 00:37:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 00:53:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/26 21:09:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/26 02:19:36 | 000,048,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/19 20:29:42 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/09/06 15:22:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\eappcfg.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 13:25:11 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/23 19:34:13 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/03/04 19:51:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 13:34:49 | 000,096,249 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/02/15 13:34:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/02/15 13:34:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/02/15 13:34:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/02/15 13:34:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/02/15 13:34:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/02/15 13:34:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/02/15 13:34:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/02/15 13:34:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/02/15 13:34:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/02/15 13:34:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/02/15 13:34:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/02/15 13:34:49 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/15 13:32:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE C48EU.ini
[2005/12/25 16:05:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Rtusd.dll
[2005/12/25 16:05:21 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\RTUSD.INI
[2005/12/25 16:05:20 | 000,290,816 | ---- | C] () -- C:\WINDOWS\Carmctrl.dll
[2005/12/17 23:36:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2005/09/14 17:52:04 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Q-PLUS.INI
[2005/07/11 14:46:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/07/11 12:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 12:59:37 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/11 12:59:09 | 000,007,724 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/25 19:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2005/06/25 17:15:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/25 15:32:41 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/25 10:38:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/25 10:37:40 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/25 10:13:38 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/25 09:57:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/06/25 09:57:33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/06/25 09:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/06/25 09:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2005/06/25 09:57:26 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/06/25 09:57:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/06/25 09:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/06/25 09:56:47 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/06/25 09:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/06/25 09:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/25 09:46:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,453,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,074,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/15 18:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 02:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/08 00:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2007/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/08/03 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2010/06/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/03 08:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/18 15:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/09/21 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/02/15 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/03/13 00:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/09 01:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 16:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 00:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/05 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Active Disk
[2010/07/02 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\CheckPoint
[2010/07/24 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/02/15 13:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\EPSON
[2010/04/03 03:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\GARMIN
[2010/07/04 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Haihaisoft
[2010/07/04 22:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Haihaisoft Universal Player
[2010/08/24 17:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Juniper Networks
[2010/08/21 16:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Opera
[2010/06/11 18:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Radical Software Ltd
[2011/02/27 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Spotify
[2010/10/31 14:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Thunderbird
[2010/05/20 20:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Uniblue
[2010/05/24 01:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Windows Desktop Search
[2010/05/21 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/06/25 09:49:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/06/25 09:43:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/13 22:42:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/06/25 09:49:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/06/25 09:49:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/25 09:49:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/06 21:27:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/01 23:05:12 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/06/25 09:48:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2001/07/26 10:23:32 | 000,134,928 | ---- | M] (Xerox) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\XCP2JPS.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/06/25 10:36:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/25 10:36:48 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/25 10:36:48 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/06 21:37:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/11 23:40:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/06/25 09:54:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/01/30 14:31:48 | 004,310,568 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\WebUpdater_241.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 21:02:01

< End of report >

Advertisements

Register to Remove

#2 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 04 April 2011 - 06:50 PM

Hi fixer-man_nick,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

You accidentaly posted the same log twice. I'd like to see the extra.txt report.

Please run a scan with OTL again. It is not necessary to add anything in the custom scan box... but be sure to click All in the Extra Registry box. Then just click on Run Scan and it should produce two .txt files. Please post both.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#3 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 05 April 2011 - 06:28 PM

Hi Tomk

Thanks for your offer of help. Sorry about the mistake with the logs previously. I have re-scanned as per your instructions and I hope have posted them correctly this time.

Nick

OTL logfile created on: 06/04/2011 00:02:31 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicholas\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 81.62 Gb Free Space | 71.29% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-E765D1 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
PRC - C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe (Entriq, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL(1).exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- File not found
SRV - (CarboniteService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\IntelS51.sys (Intel Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/02/23 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 15:12:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 15:12:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 01:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/23 12:33:33 | 000,000,000 | ---D | M]

[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/02 15:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions
[2011/03/31 12:33:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:49:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/12 19:47:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/02 15:19:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 12:33:58 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2006/12/24 14:42:21 | 000,000,000 | ---D | M] (fraudeliminator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{AEA25BF2-82A7-481c-9E0C-2639C802D17A}
[2009/02/08 22:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/03/26 14:24:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/11 21:52:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/08/25 23:20:52 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\firetorrent@radicalsoft.com
[2011/04/02 15:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\nostmp
[2010/06/11 18:32:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\searchplugins\ask.uk.xml
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 21:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 22:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 20:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NICHOLAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S69WCYU0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/02/23 19:08:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/05/08 21:58:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/02 15:12:29 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/06/01 23:26:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FEMozMod.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/14 19:47:20 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2011/04/02 15:12:35 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/02 15:12:35 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/02 15:12:35 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/02 15:12:35 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/02 15:12:35 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 20:56:16 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (FraudEliminator) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.3.4\FETB.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [five Media Manager Tray] C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} http://download.five...ive_3_4_0_8.cab (five Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231005245375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://download.five...0_10_Silent.cab (MediaControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.brita...perSetupSP1.cab (JuniperSetupSP1 Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 09:49:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 21:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 08:19:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 08:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 11:19:58 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/31 22:45:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 10:47:47 | 000,453,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 10:47:46 | 000,074,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 23:41:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/09 00:37:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 15:12:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2009/12/26 21:09:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/26 02:19:36 | 000,048,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/19 20:29:42 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/09/06 15:22:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\eappcfg.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 13:25:11 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/23 19:34:13 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/03/04 19:51:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 13:34:49 | 000,096,249 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/02/15 13:34:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/02/15 13:34:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/02/15 13:34:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/02/15 13:34:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/02/15 13:34:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/02/15 13:34:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/02/15 13:34:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/02/15 13:34:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/02/15 13:34:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/02/15 13:34:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/02/15 13:34:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/02/15 13:34:49 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/15 13:32:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE C48EU.ini
[2005/12/25 16:05:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Rtusd.dll
[2005/12/25 16:05:21 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\RTUSD.INI
[2005/12/25 16:05:20 | 000,290,816 | ---- | C] () -- C:\WINDOWS\Carmctrl.dll
[2005/12/17 23:36:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2005/09/14 17:52:04 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Q-PLUS.INI
[2005/07/11 14:46:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/07/11 12:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 12:59:37 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/11 12:59:09 | 000,007,724 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/25 19:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2005/06/25 17:15:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/25 15:32:41 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/25 10:38:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/25 10:37:40 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/25 10:13:38 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/25 09:57:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/06/25 09:57:33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/06/25 09:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/06/25 09:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2005/06/25 09:57:26 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/06/25 09:57:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/06/25 09:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/06/25 09:56:47 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/06/25 09:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/06/25 09:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/25 09:46:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,453,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,074,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 06/04/2011 00:02:31 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicholas\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 81.62 Gb Free Space | 71.29% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-E765D1 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200B415D-7CC6-4818-8624-9E43EDF19D9C}" = Garmin City Navigator Europe NT v9
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{27F650A9-6FAB-41C8-8621-92FF0118B0C4}" = EPSON Easy Photo Print
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C859BBD-B524-4FD8-844D-B42D22671C00}" = Bridge Baron 15
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1FFCAB6-9950-48D4-9525-99295D3BAE37}" = FraudEliminator 2.3.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"4oD" = 4oD
"Active Disk" = Active Disk
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Applian FLV Player2.0.24" = Applian FLV Player
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Counting_at_Bridge" = Counting at Bridge
"CSCLIB" = Canon Camera Support Core Library
"Demand Five Player_is1" = Demand Five Player
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESC48 User's Guide" = ESC48 User's Guide
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Intel® 536EP Modem" = Intel® 536EP Modem
"IomegaWare" = IomegaWare 4.0.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scan 1200c Driver" = Scan 1200c Driver
"ScoreBridge_is1" = ScoreBridge
"Spotify" = Spotify
"SSC Service Utility_is1" = SSC Service Utility v4.30
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"VTTrayPlus" = S3 S3TrayPlus
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox DocuPrint C15-C11" = Xerox DocuPrint C15-C11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2011 12:16:51 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14361375

Error - 23/03/2011 18:53:58 | Computer Name = PERSONAL-E765D1 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 24/03/2011 05:42:25 | Computer Name = PERSONAL-E765D1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\NICHOLAS\MY DOCUMENTS\NICK\SERVICES\ANGELA
ROBINSON(S).XLS> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 30/03/2011 17:47:07 | Computer Name = PERSONAL-E765D1 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 02/04/2011 14:08:42 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/04/2011 14:08:42 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2062922

Error - 02/04/2011 14:08:42 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2062922

Error - 03/04/2011 16:14:19 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/04/2011 16:14:20 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8964078

Error - 03/04/2011 16:14:20 | Computer Name = PERSONAL-E765D1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8964078

[ System Events ]
Error - 05/04/2011 19:04:35 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:04:37 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:04:38 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:04:39 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:06:57 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:06:59 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:07:00 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:07:02 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:07:03 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 05/04/2011 19:07:04 | Computer Name = PERSONAL-E765D1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >

#4 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 05 April 2011 - 06:40 PM

fixer-man_nick,

Spotify still appears in your uninstall list. What happens when you try to uninstall it?

You have a bad block on your D: drive.

Hold down the Windows key and then press R to open a runbox. In the box put Chkdsk D: /f and click on OK. Your computer will probably ask if you want to run Chkdsk the next time it boots. Agree to that, and then reboot your system and let chkdsk run.

Let me know how it goes as will as what happens when you try to uninstall spotify.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#5 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 06 April 2011 - 08:46 AM

Tomk Ran Chkdsk D: /f as asked but all that happened was a black window appeared for a fraction of a second (didn't have time to see if it had anything in it). I was not asked if I wanted to run chkdsk and nothing appeared when I rebooted the computer. When I try to uninstall Spotify the computer freezes. Nick

#6 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 06 April 2011 - 10:48 AM

fixer-man_nick,

Double click on OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Processes

:OTL
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
[2011/03/13 21:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

:Files
C:\Program Files\Spotify

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the OTL log.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#7 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 06 April 2011 - 05:40 PM

Tomk The first time I tried to run OTL, Avast said it was infected. I deleted OTL and downloaded it again from this site. It worked from the freshly downloaded version and the log is below. Nick All processes killed ========== PROCESSES ========== ========== OTL ========== Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\MsiExec folder moved successfully. C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully. C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully. C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully. ========== FILES ========== C:\Program Files\Spotify folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 2045592 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 1984760 bytes ->Temporary Internet Files folder emptied: 582082 bytes User: Nicholas ->Temp folder emptied: 8035580 bytes ->Temporary Internet Files folder emptied: 40462381 bytes ->Java cache emptied: 117233 bytes ->FireFox cache emptied: 55332797 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 7285558 bytes ->Flash cache emptied: 2421 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2115443 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 204608 bytes Total Files Cleaned = 113.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04062011_234955 Files\Folders moved on Reboot... C:\Documents and Settings\Nicholas\Local Settings\Temp\~DF3BD8.tmp moved successfully. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\startupCache\startupCache.4.little moved successfully. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_001_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_002_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_003_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\urlclassifier3.sqlite scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\XUL.mfl scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. C:\WINDOWS\temp\ZLT07e4a.TMP moved successfully. Registry entries deleted on Reboot...

#8 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 06 April 2011 - 05:46 PM

fixer-man_nick,

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please let me know how things seem on your end now.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#9 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 07 April 2011 - 02:55 AM

Tomk Malwarebytes scan was clear therefore nothing to check or remove. Log posted below. Everything seems OK and Spotify is gone. Nick. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6296 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07/04/2011 09:12:34 mbam-log-2011-04-07 (09-12-33).txt Scan type: Quick scan Objects scanned: 158842 Time elapsed: 10 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#10 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 07 April 2011 - 08:26 AM

fixer-man_nick, Please run a scan with OTL again for me to give, hopefully, one last look. Leave the default settings on everything and there should be just one log produced this time.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#11 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 07 April 2011 - 10:32 AM

Tomk

OTL log as requested.

Nick

OTL logfile created on: 07/04/2011 16:54:10 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicholas\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 81.34 Gb Free Space | 71.05% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-E765D1 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
PRC - C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe (Entriq, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nicholas\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- File not found
SRV - (CarboniteService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\system32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\IntelS51.sys (Intel Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/02/23 19:08:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 15:12:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 15:12:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/20 01:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/23 12:33:33 | 000,000,000 | ---D | M]

[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2010/10/31 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/07 15:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions
[2011/03/31 12:33:50 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:49:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/12 19:47:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/02 15:19:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/31 12:33:58 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2006/12/24 14:42:21 | 000,000,000 | ---D | M] (fraudeliminator) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{AEA25BF2-82A7-481c-9E0C-2639C802D17A}
[2009/02/08 22:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/03/26 14:24:09 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/11 21:52:30 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/08/25 23:20:52 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\firetorrent@radicalsoft.com
[2011/04/02 15:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\nostmp
[2011/04/07 15:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\extensions\staged
[2010/06/11 18:32:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\searchplugins\ask.uk.xml
[2011/04/01 16:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 21:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 22:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 20:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NICHOLAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S69WCYU0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/02/23 19:08:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/05/08 21:58:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/02 15:12:29 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/06/01 23:26:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FEMozMod.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/14 19:47:20 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2011/04/02 15:12:35 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/02 15:12:35 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/02 15:12:35 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/02 15:12:35 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/02 15:12:35 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 20:56:16 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (FraudEliminator) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.3.4\FETB.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [five Media Manager Tray] C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} http://download.five...ive_3_4_0_8.cab (five Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231005245375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://download.five...0_10_Silent.cab (MediaControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.brita...perSetupSP1.cab (JuniperSetupSP1 Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 09:49:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 08:57:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/07 08:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/07 08:57:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/06 23:49:55 | 000,000,000 | ---D | C] -- C:\_OTL
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/07 08:57:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 08:33:21 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\tiscali broadband.lnk
[2011/04/07 08:03:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 08:01:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 11:19:58 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/31 22:45:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/28 10:47:47 | 000,453,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 10:47:46 | 000,074,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 23:41:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/09 00:37:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Nicholas\*.tmp files -> C:\Documents and Settings\Nicholas\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/07 08:57:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 08:33:21 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\tiscali broadband.lnk
[2011/04/02 15:12:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2009/12/26 21:09:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/26 02:19:36 | 000,048,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/19 20:29:42 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/09/06 15:22:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\eappcfg.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/09 13:25:11 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/23 19:34:13 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/03/04 19:51:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 13:34:49 | 000,096,249 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/02/15 13:34:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/02/15 13:34:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/02/15 13:34:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/02/15 13:34:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/02/15 13:34:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/02/15 13:34:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/02/15 13:34:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/02/15 13:34:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/02/15 13:34:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/02/15 13:34:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/02/15 13:34:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/02/15 13:34:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/02/15 13:34:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/02/15 13:34:49 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/15 13:32:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE C48EU.ini
[2005/12/25 16:05:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Rtusd.dll
[2005/12/25 16:05:21 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\RTUSD.INI
[2005/12/25 16:05:20 | 000,290,816 | ---- | C] () -- C:\WINDOWS\Carmctrl.dll
[2005/12/17 23:36:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2005/09/14 17:52:04 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Q-PLUS.INI
[2005/07/11 14:46:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/07/11 12:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 12:59:37 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/11 12:59:09 | 000,007,724 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/25 19:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2005/06/25 17:15:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/25 15:32:41 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/25 10:38:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/25 10:37:40 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/25 10:13:38 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/25 09:57:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/06/25 09:57:33 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/06/25 09:57:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/06/25 09:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2005/06/25 09:57:26 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/06/25 09:57:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/06/25 09:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/06/25 09:56:47 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/06/25 09:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/06/25 09:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/25 09:46:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,453,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,074,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#12 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 07 April 2011 - 11:00 AM

fixer-man_nick,

Just a little straightening up...

Your Java is out of date.

Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Double click on OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Processes

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the OTL log.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#13 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 07 April 2011 - 05:04 PM

Tomk I've updated Java and run the fix. OTL log below. Nick All processes killed ========== PROCESSES ========== ========== OTL ========== Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. ========== COMMANDS ========== Restore points cleared and new OTL Restore Point set! [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 1056152 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 1984440 bytes ->Temporary Internet Files folder emptied: 582082 bytes User: Nicholas ->Temp folder emptied: 12635354 bytes ->Temporary Internet Files folder emptied: 210062 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 66217856 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1306 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3433166 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 9323 bytes Total Files Cleaned = 82.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04072011_231008 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Nicholas\Local Settings\Temp\etilqs_lQkTerP6YNi8zsv not found! C:\Documents and Settings\Nicholas\Local Settings\Temp\~DFD8B9.tmp moved successfully. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\startupCache\startupCache.4.little moved successfully. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_001_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_002_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_003_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\urlclassifier3.sqlite scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\s69wcyu0.default\XUL.mfl scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\ZLT00955.TMP not found! Registry entries deleted on Reboot...

#14 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 07 April 2011 - 05:15 PM

fixer-man_nick,

That should do it. :thumbup:

A little cleanup:

Double click on OTL to run it.
Click on CleanUp!
When done, you will be prompted to restart your computer. Please restart your computer.

Don't forget to restart any AV programs that you shut off.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#15 fixer-man_nick

Authentic Member

Authentic Member
29 posts

Posted 08 April 2011 - 03:59 PM

Tomk All done. Thank you so much for all your help. Nick.

Body Background

skin color theme