Thankyou for your help
Here is the Highjackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:25, on 16/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/C ... _Win32.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/33.06/uploader2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4571785562
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0680357593
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} (Bonusprint Image Uploader Version 6.x Control) - http://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://smarthumanlogistics.webex.com/c ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1678CC5-DC47-40D3-84CE-F00E0E69C957}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 10703 bytes
Here is the COMBOFIX LOG as requested
ComboFix 10-09-15.01 - Rob Leach 16/09/2010 8:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.160 [GMT 1:00]
Running from: c:\documents and settings\Rob Leach\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {81F4C1AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8248B4DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {827A0B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {8295A2A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated) {BADB0D00-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81D184E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DC3C44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81DE3DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E3ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81E6C334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EE4334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81EF4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F15DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F25A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F314B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F42054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5235C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F58DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F5ABFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F62054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F7B9CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81F8F35C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FA75F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB2DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FB5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FC6914-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FD73DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDA054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FDBB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FE5054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FED054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {81FF12C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82005DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200761C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8200E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82010DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8201369C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8202B334-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82035BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82039054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204CB64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8204DDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82066924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8206E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8207FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820812BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8208D054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82090DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209156C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82094BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8209E5F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820A5A1C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AD054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820AE2BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820BE054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C4054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820E8B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820ED69C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820F3054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {820FF5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821019A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8210D62C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82114054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82128DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8212E5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82134CA4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82144054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8214E784-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82150DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82171C0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8218E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {821A2974-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82263DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822C1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {822F7054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823AD23C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823BE5AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823D0054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823E63E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F1864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {823F5BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8240F054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428C74-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82428CE4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82432DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82436DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82437DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243E8BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8243EDDC-FFA4-00FF-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82457BFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8247740C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82477A6C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82484DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824898AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8249239C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824954B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824959A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B158C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824B6A44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824D99BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824EB67C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {824FA9F4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82500AEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825612D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82564924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8257C7BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825A4DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {825D15CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826C8054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {826CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8270EBFC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8271180C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827286BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827296CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82736DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82739724-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273BDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8273E59C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82741594-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827453BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82750B64-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82753DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82758DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82759DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8275FDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276233C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8276D3AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82777704-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82778924-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278A91C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8278CCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82791DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82792844-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82796864-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8279E054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A05A4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827A948C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B23BC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827B9294-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827BD4D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827D42DC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827DADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E1054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E24E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827E4984-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {827EF054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8281741C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82817CC4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82822054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82834804-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82838B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82880B24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828AA538-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CAC24-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CDDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CEA9C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828CFDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828DA9B4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {828F8934-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8290CDDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8292A054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293B054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8293CC44-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82979DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8297A504-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82981ADC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82982B5C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829832E4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829911CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299243C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {8299B324-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829B82CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {829BAD0C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A3A7AC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A8531C-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82A9BCEC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {82B1ADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FEACA474-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF1695CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FF74C5CC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB68054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB722C4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB72DDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFB7A9D4-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBB6054-FFA4-00DC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {FFBBADDC-FFA4-00DC-0D24-347CA8A3377C}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pamela\Application Data\alot
c:\documents and settings\Pamela\Application Data\Dealio
c:\documents and settings\Pamela\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Pamela\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Rob Leach\Application Data\alot
c:\documents and settings\Rob Leach\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Rob Leach\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Rob Leach\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Rob Leach\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Rob Leach\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\products\products.xml
c:\documents and settings\Rob Leach\Application Data\alot\products\products.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Rob Leach\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\1600_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\1600_icon.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\default_1520_alot_par_tips.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_7\images\default_1520_alot_par_tips.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Rob Leach\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Rob Leach\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Rob Leach\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\toolbar.xml
c:\documents and settings\Rob Leach\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Rob Leach\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Rob Leach\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Rob Leach\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Rob Leach\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Rob Leach\Application Data\Dealio
c:\documents and settings\Rob Leach\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Rob Leach\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\windows\daemon.dll
c:\windows\desktop
c:\windows\desktop\directory scanner 1.8.lnk
c:\windows\ewuvudamumokek.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.
2010-09-15 20:19 . 2010-09-15 20:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-15 19:24 . 2010-09-15 19:24 -------- d-----w- c:\program files\Sophos
2010-09-15 19:11 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-15 19:11 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-15 19:11 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-15 17:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-15 17:46 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-15 17:46 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-15 17:46 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-15 17:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-15 17:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-15 17:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-15 17:43 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-15 17:43 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-15 17:43 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-15 17:43 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-15 17:43 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-15 17:43 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-15 17:43 . 2010-06-24 16:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-15 17:42 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-15 17:39 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-15 17:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-09-15 17:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\windows\dell
2010-09-15 16:21 . 2004-08-12 14:09 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-15 16:21 . 2004-08-12 14:09 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-15 16:19 . 2004-08-12 13:59 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-09-15 16:18 . 2004-08-12 13:56 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-09-15 16:16 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-15 15:58 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-15 15:58 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-15 15:58 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-02 07:36 . 2010-09-02 07:36 -------- d-sh--w- c:\documents and settings\Pamela\IECompatCache
2010-08-26 08:47 . 2010-08-26 08:59 -------- d-----w- c:\program files\Game_Maker8
2010-08-25 16:11 . 2010-08-25 16:17 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Recolored
2010-08-22 18:03 . 2010-08-27 17:03 120 ----a-w- c:\windows\Kvaxurizevuladi.dat
2010-08-22 18:03 . 2010-08-27 09:37 0 ----a-w- c:\windows\Ijeko.bin
2010-08-22 18:03 . 2010-08-22 18:03 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\{EE05DBD9-60A5-46A1-AB87-419928FDB750}
2010-08-22 14:07 . 2010-08-22 14:07 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:06 . 2010-08-22 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 14:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 13:04 . 2010-08-22 13:04 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\{FEEE23C1-C7F7-4ECC-BA99-B01CB8CF3A4D}
2010-08-22 13:03 . 2010-08-22 15:27 -------- d-----w- c:\documents and settings\Rob Leach\Local Settings\Application Data\puxjmjdvd
2010-08-22 13:03 . 2010-09-16 08:04 785408 ----a-w- c:\windows\system32\drivers\qbidwz.sys
2010-08-17 13:17 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 08:01 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-16 08:01 . 2005-03-02 13:45 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2010-09-16 05:51 . 2009-02-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-15 19:13 . 2004-08-10 13:13 79027 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-09-15 16:32 . 2005-03-05 15:25 113320 ----a-w- c:\documents and settings\Rob Leach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 16:15 . 2004-08-10 13:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-09 16:18 . 2010-04-27 06:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 12:07 . 2007-12-27 08:00 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\BitTorrent
2010-09-02 15:53 . 2006-11-25 10:34 -------- d-----w- c:\program files\SpywareBlaster
2010-08-19 10:09 . 2009-09-04 06:17 -------- d-----w- c:\program files\Ken Rename
2010-08-17 13:17 . 2004-08-12 14:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 05:06 . 2008-01-19 15:28 -------- d-----w- c:\program files\Songbeat
2010-08-05 05:03 . 2005-03-02 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 04:58 . 2010-05-19 15:54 -------- d-----w- c:\program files\Red Chair Software
2010-07-29 06:57 . 2010-07-29 06:57 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\Cycling '74
2010-07-29 06:48 . 2006-04-07 17:33 -------- d-----w- c:\program files\PhotoArtMaster Classic
2010-07-29 06:47 . 2007-08-20 20:52 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-07-28 12:23 . 2010-07-28 12:18 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\gtk-2.0
2010-07-28 11:54 . 2007-10-23 05:56 -------- d-----w- c:\documents and settings\Rob Leach\Application Data\AVS4YOU
2010-07-28 11:54 . 2010-07-09 13:31 -------- d-----w- c:\program files\AVS4YOU
2010-07-26 21:09 . 2009-06-19 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-26 20:04 . 2010-07-26 20:04 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-22 15:49 . 2004-08-12 14:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-18 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 16:42 . 2009-03-31 07:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 16:42 . 2010-07-16 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 16:41 . 2009-03-31 07:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 16:28 . 2006-05-14 17:26 112936 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-12 14:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 14:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-12 14:06 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:45 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2009-03-05 19:32 . 2009-03-05 19:31 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-12-29 20:58 . 2007-12-29 20:58 33426015 ----a-w- c:\program files\Common Files\data.dpk
2006-05-03 09:06 . 2008-08-12 08:27 163328 --sha-r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2008-08-12 08:27 31232 --sha-r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2008-08-12 08:27 216064 --sha-r- c:\windows\SYSTEM32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 16:42 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Rob Leach^Start Menu^Programs^Startup^Notmad Manager.lnk]
path=c:\documents and settings\Rob Leach\Start Menu\Programs\Startup\Notmad Manager.lnk
backup=c:\windows\pss\Notmad Manager.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataCaching
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 16:27 110592 ----a-w- c:\windows\SYSTEM32\CTASIO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-06 20:07 323392 ----a-w- c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 16:45 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 16:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 11:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-12-12 10:23 2236416 ----a-w- c:\windows\kdx\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-08-29 13:17 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-08-29 13:20 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-08 17:43 1953792 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-11 17:10 4583424 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 18:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-08 19:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-01-15 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 d347bus;d347bus;c:\windows\SYSTEM32\DRIVERS\d347bus.sys [11/09/2005 10:20 155136]
R0 d347prt;d347prt;c:\windows\SYSTEM32\DRIVERS\d347prt.sys [11/09/2005 10:20 5248]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [31/03/2009 07:45 64160]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/02/2009 21:10 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [31/03/2009 08:52 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [31/03/2009 08:52 243024]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 17:42 308136]
S1 clmhufow;clmhufow;\??\c:\windows\system32\drivers\clmhufow.sys --> c:\windows\system32\drivers\clmhufow.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2010 14:43 136176]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\SYSTEM32\DRIVERS\BUSB2902.sys [05/11/2007 11:54 110272]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\SYSTEM32\DRIVERS\mausbmr.sys [16/02/2010 18:41 124800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\SYSTEM32\DRIVERS\LV532AV.SYS [21/04/2005 13:12 152576]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - qbidwz
.
Contents of the 'Scheduled Tasks' folder
2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-30 19:44]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 13:43]
2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{AA2B31D1-1639-48B5-BD6F-841FB6A9896D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E7B292D1-9F90-4728-AB45-9512483DC2FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
TCP: {D1678CC5-DC47-40D3-84CE-F00E0E69C957} = 192.168.0.1
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 09:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qbidwz]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2473042307-2296272667-3059070584-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90124BF-EFC2-E9ED-E1C0-275EB787C177}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaemodbinpkdimicdj"=hex:6b,61,6c,65,61,66,63,62,61,6d,61,63,70,63,62,70,69,61,
6c,67,61,6c,00,00
"haolhigcgnmjdgmc"=hex:6b,61,69,65,67,66,67,70,62,6f,66,66,6d,6e,65,67,6e,68,
6b,66,6c,6e,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\KService\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG9\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-09-16 09:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 08:11
Pre-Run: 50,445,377,536 bytes free
Post-Run: 50,849,857,536 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 91333C72FE686BDB2BE20C15BF0FF5C0