XP Security 2011 - Tried RKill, MBytes etc

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

XP Security 2011 - Tried RKill, MBytes etc Please find HKT log etc

#1 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 08 May 2011 - 04:25 AM

Hello
This started a week ago and Ikeep feeling it is nearly gone but it manages to re-establish itself.
Old machine (p4) running XP SP3.
I have run throught the recommended procedure (Rkill,Malware Bytes with all windows closed etc as well as Spybot, and virus scans (on-board and on-line)) but am still getting Diverts from intended IE pages and cannot acces Windows Updates (and automatic updates are permenantly shut down).

Current state before taking logs; the Shield has been removed from the system tray and I am receiving none of the fake virus messages or security panel blah. It's only evident something is run when using explorer with the diverts to ads etc and the inability to access Windows or Microsoft updates.

Here are my logs and many thanks in advance for any assistance you can give:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:03, on 08/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wmupdater] "C:\Program Files\updater.exe" -update
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [1IZW6X7C2A1J6V1EYTZX] C:\0filsys.bin\0filsys.bin.exe /q
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Karen Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Karen Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Karen Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1006\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer (User 'Karen Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1006\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Karen Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1008\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'Lewis Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1008\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; (R1 1.5); .NET CLR 1.1.4322; Sky Broadband; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; Sky Broadband)" -"http://www.miniclip.com/games/on-the-run/en/" (User 'Lewis Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1009\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Ellie Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Beau Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-1010\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; (R1 1.3); .NET CLR 1.1.4322; Sky Broadband; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; Sky Broadband)" -"http://www.miniclip.com/games/motocross-fever/en/" (User 'Beau Cochrane')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-21-3435812428-418490181-440653411-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: myPhoneDesktop.lnk = C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photogize.com/bponet/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123535274015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cochrane33.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D} -
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16079 bytes

DDS File below:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert Cochrane at 9:50:35.26 on 08/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1594 [GMT 1:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00D2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Cochrane\Local Settings\Temporary Internet Files\Content.IE5\C7DM6N3D\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [1IZW6X7C2A1J6V1EYTZX] c:\0filsys.bin\0filsys.bin.exe /q
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [EPSON Stylus Photo RX700 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
mRun: [AS00_WN311B] c:\program files\netgear\wn311b\utility\WN311B.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wmupdater] "c:\program files\updater.exe" -update
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\robert~1\startm~1\programs\startup\myphon~1.lnk - c:\program files\myphonedesktop\bin\myPhoneDesktop.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: lloydstsb.co.uk
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1095962120609
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photogize.com/bponet/ImageUploader5.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123535274015
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://housecall.trendmicro-europe.com/housecall/Xscan53.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cochrane33.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab
DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\9wc6du4m.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-5 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-5 54752]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-5-17 16194]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 HPFECP14;HPFECP14;c:\windows\system32\drivers\HPFecp14.sys [1998-9-25 52800]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-9-22 17149]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2001-1-2 19677]
S3 efipsk;efipsk; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-25 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-5-2 16968]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [2004-12-12 162313]
S3 UKS11LDR;M-Audio USB Keystation Loader; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
S4 SurfPass;SurfPass; [x]
.
=============== Created Last 30 ================
.
2011-05-07 14:44:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-07 14:40:24 -------- d-----w- c:\docume~1\robert~1\applic~1\Avira
2011-05-04 21:25:01 -------- d-----w- c:\docume~1\robert~1\locals~1\applic~1\Mozilla
2011-05-04 20:54:50 -------- dc-h--w- c:\windows\ie8
2011-05-02 21:20:38 -------- d-----w- c:\program files\ESET
2011-05-02 20:10:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 20:09:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-02 19:15:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-05-02 11:18:16 -------- d-----w- c:\docume~1\robert~1\applic~1\FixCleaner
2011-05-02 11:18:01 -------- d-----w- c:\program files\FixCleaner
2011-04-29 17:04:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-29 17:04:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-14 02:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2006-02-06 20:34:11 315624 ----a-w- c:\program files\dxwebsetup.exe
2003-09-14 07:31:44 5317584 ----a-w- c:\program files\DivX51Bundle.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AD2E730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ad34a10]; MOV EAX, [0x8ad34a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk1\DR1[0x8ADAAAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8AD919C8]
\Driver\atapi[0x8AD79B60] -> IRP_MJ_CREATE -> 0x8AD2E730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AD2E57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:53:34.25 ===============
Here is my ARK File:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-08 10:04:02
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdePort0 ST3120026AS rev.8.05
Running: pb17v9mo.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\pxtdypod.sys

---- System - GMER 1.0.15 ----

SSDT F7A8882E ZwCreateKey
SSDT F7A88824 ZwCreateThread
SSDT F7A88833 ZwDeleteKey
SSDT F7A8883D ZwDeleteValueKey
SSDT F7A88842 ZwLoadKey
SSDT F7A88810 ZwOpenProcess
SSDT F7A88815 ZwOpenThread
SSDT F7A8884C ZwReplaceKey
SSDT F7A88847 ZwRestoreKey
SSDT F7A88838 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 120 804E278C 1 Byte [24]
? C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[324] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[324] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF000A
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F0000A
.text C:\WINDOWS\System32\svchost.exe[668] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EE000C
.text C:\WINDOWS\System32\svchost.exe[668] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[668] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 01D1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[2728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AD2E57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 8AD2E57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AD2E57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8AD2E57B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-17 8AD2E57B
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs B037F400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\Control@
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\InprocServer32@ C:\Program Files\Microsoft Office\Office\OUTLCTL.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\InprocServer32@InprocServer32 3@6!!gxsf(Ng]qF`H{LsOUTLOOKNonBootFiles>'4E9*E}mf(y-A__qm]R2?
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\ProgID@ DataCtl.DataCtl.1
Reg HKLM\SOFTWARE\Classes\CLSID\{7A508776-084A-5ECF-EC13-00D4894DA112}\VersionIndependentProgID@ DataCtl.DataCtl

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Thank you.

SentinelX

Attached File(s)

Attach.txt (18.53K)
Number of downloads: 0

This post has been edited by SentinelX: 08 May 2011 - 05:30 AM

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 May 2011 - 03:47 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 12 May 2011 - 04:44 PM

Hi SweetTech and greetings from London!
First I would just like to say how grateful I am for you giving up your time to help me and all the other users here, it's very good of you.
So to things:
Here is my TDS Log, came up clean with no infections and no warnings:
2011/05/12 22:32:36.0250 4036 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 22:32:36.0546 4036 ================================================================================
2011/05/12 22:32:36.0546 4036 SystemInfo:
2011/05/12 22:32:36.0546 4036
2011/05/12 22:32:36.0546 4036 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/12 22:32:36.0546 4036 Product type: Workstation
2011/05/12 22:32:36.0546 4036 ComputerName: FAMILY
2011/05/12 22:32:36.0546 4036 UserName: Robert Cochrane
2011/05/12 22:32:36.0546 4036 Windows directory: C:\WINDOWS
2011/05/12 22:32:36.0546 4036 System windows directory: C:\WINDOWS
2011/05/12 22:32:36.0546 4036 Processor architecture: Intel x86
2011/05/12 22:32:36.0546 4036 Number of processors: 1
2011/05/12 22:32:36.0546 4036 Page size: 0x1000
2011/05/12 22:32:36.0546 4036 Boot type: Normal boot
2011/05/12 22:32:36.0546 4036 ================================================================================
2011/05/12 22:32:36.0875 4036 Initialize success
2011/05/12 22:32:51.0640 3616 ================================================================================
2011/05/12 22:32:51.0640 3616 Scan started
2011/05/12 22:32:51.0640 3616 Mode: Manual;
2011/05/12 22:32:51.0640 3616 ================================================================================
2011/05/12 22:32:52.0375 3616 a016bus (b021d0ae4605ce5df67f06e741278cdf) C:\WINDOWS\system32\DRIVERS\a016bus.sys
2011/05/12 22:32:52.0437 3616 a016mdfl (5b6bc2de851012906d4aae84c802e3f2) C:\WINDOWS\system32\DRIVERS\a016mdfl.sys
2011/05/12 22:32:52.0515 3616 a016mdm (c80cffb5819ccfc97f2b09e2259dfde6) C:\WINDOWS\system32\DRIVERS\a016mdm.sys
2011/05/12 22:32:52.0562 3616 a016mgmt (415243177ff67d3cfba44d931b809bf3) C:\WINDOWS\system32\DRIVERS\a016mgmt.sys
2011/05/12 22:32:52.0640 3616 a016obex (3a853f9b8b69541cde714a83a0a6434e) C:\WINDOWS\system32\DRIVERS\a016obex.sys
2011/05/12 22:32:52.0765 3616 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/12 22:32:52.0843 3616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/12 22:32:52.0937 3616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/12 22:32:53.0046 3616 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/12 22:32:53.0125 3616 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/12 22:32:53.0187 3616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/12 22:32:53.0281 3616 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/12 22:32:53.0343 3616 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/12 22:32:53.0406 3616 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/12 22:32:53.0468 3616 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/12 22:32:53.0562 3616 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/12 22:32:53.0625 3616 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/12 22:32:53.0703 3616 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/12 22:32:53.0796 3616 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/12 22:32:53.0859 3616 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/12 22:32:53.0906 3616 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/12 22:32:53.0984 3616 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/12 22:32:54.0093 3616 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/12 22:32:54.0187 3616 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/12 22:32:54.0234 3616 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/12 22:32:54.0328 3616 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/05/12 22:32:54.0390 3616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/12 22:32:54.0453 3616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/12 22:32:54.0546 3616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/12 22:32:54.0609 3616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/12 22:32:54.0703 3616 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/12 22:32:54.0828 3616 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/12 22:32:54.0906 3616 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/12 22:32:55.0000 3616 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) C:\WINDOWS\system32\AWINDIS5.SYS
2011/05/12 22:32:55.0171 3616 BCM43XX (7d0bd5c9e92a56775cfac768baba56ca) C:\WINDOWS\system32\DRIVERS\wn311b.sys
2011/05/12 22:32:55.0218 3616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/12 22:32:55.0359 3616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/12 22:32:55.0437 3616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/12 22:32:55.0515 3616 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/12 22:32:55.0609 3616 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/12 22:32:55.0703 3616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/12 22:32:55.0796 3616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/12 22:32:55.0875 3616 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/12 22:32:55.0921 3616 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/12 22:32:56.0015 3616 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/05/12 22:32:56.0125 3616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/12 22:32:56.0218 3616 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/05/12 22:32:56.0359 3616 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/12 22:32:56.0468 3616 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/12 22:32:56.0546 3616 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/12 22:32:56.0609 3616 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/12 22:32:56.0687 3616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/12 22:32:56.0781 3616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/12 22:32:56.0859 3616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/12 22:32:56.0921 3616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/12 22:32:57.0000 3616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/12 22:32:57.0062 3616 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2011/05/12 22:32:57.0140 3616 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/12 22:32:57.0203 3616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/12 22:32:57.0281 3616 dsreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\dsreader.sys
2011/05/12 22:32:57.0390 3616 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/05/12 22:32:57.0468 3616 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/12 22:32:57.0656 3616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/12 22:32:57.0703 3616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/12 22:32:57.0765 3616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/12 22:32:57.0828 3616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/12 22:32:57.0890 3616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/12 22:32:57.0984 3616 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/05/12 22:32:58.0078 3616 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/05/12 22:32:58.0140 3616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/12 22:32:58.0203 3616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/12 22:32:58.0265 3616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/12 22:32:58.0359 3616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/12 22:32:58.0468 3616 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/12 22:32:58.0562 3616 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/05/12 22:32:58.0671 3616 HPFECP14 (c47353fd62daa7d13438d5448a6285b1) C:\WINDOWS\System32\drivers\HPFECP14.SYS
2011/05/12 22:32:58.0750 3616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/12 22:32:58.0828 3616 HSFHWBS2 (5bb6ce6c3fac28d4ef5c147e02c19e0b) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/12 22:32:58.0937 3616 HSF_DP (842b23035f8f68e79675efb436b6aa94) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/12 22:32:59.0046 3616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/12 22:32:59.0140 3616 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/12 22:32:59.0203 3616 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/12 22:32:59.0265 3616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/12 22:32:59.0328 3616 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/12 22:32:59.0390 3616 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/12 22:32:59.0453 3616 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/12 22:32:59.0500 3616 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/12 22:32:59.0562 3616 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/12 22:32:59.0671 3616 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/12 22:32:59.0750 3616 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/12 22:32:59.0843 3616 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/12 22:32:59.0968 3616 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/12 22:33:00.0062 3616 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/12 22:33:00.0187 3616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/12 22:33:00.0265 3616 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/12 22:33:00.0359 3616 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/12 22:33:00.0453 3616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/12 22:33:00.0531 3616 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/12 22:33:00.0625 3616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/12 22:33:00.0687 3616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/12 22:33:00.0765 3616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/12 22:33:00.0828 3616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/12 22:33:00.0890 3616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/12 22:33:00.0984 3616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/12 22:33:01.0031 3616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/12 22:33:01.0093 3616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/12 22:33:01.0171 3616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/12 22:33:01.0265 3616 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
2011/05/12 22:33:01.0343 3616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/12 22:33:01.0562 3616 MaVctrl (1b467fb39d6ee0e7f1970eee5fc07121) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/05/12 22:33:01.0656 3616 MA_CMIDI (6b5d093711eadd77c789b0150dc4879c) C:\WINDOWS\system32\drivers\ma_cmidi.sys
2011/05/12 22:33:01.0734 3616 mdmxsdk (aeb54ef22cb7c7e3f405f69f048d696c) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/12 22:33:01.0843 3616 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/05/12 22:33:01.0890 3616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/12 22:33:01.0984 3616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/12 22:33:02.0031 3616 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/12 22:33:02.0093 3616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/12 22:33:02.0171 3616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/12 22:33:02.0250 3616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/12 22:33:02.0328 3616 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/12 22:33:02.0406 3616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/12 22:33:02.0515 3616 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/12 22:33:02.0578 3616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/12 22:33:02.0625 3616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/12 22:33:02.0671 3616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/12 22:33:02.0750 3616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/12 22:33:02.0812 3616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/12 22:33:02.0875 3616 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/12 22:33:02.0921 3616 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/12 22:33:03.0046 3616 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/12 22:33:03.0125 3616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/12 22:33:03.0328 3616 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/12 22:33:03.0484 3616 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/12 22:33:03.0546 3616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/12 22:33:03.0609 3616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/12 22:33:03.0703 3616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/12 22:33:03.0750 3616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/12 22:33:03.0812 3616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/12 22:33:03.0968 3616 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/12 22:33:04.0046 3616 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/12 22:33:04.0109 3616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/12 22:33:04.0187 3616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/12 22:33:04.0265 3616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/12 22:33:04.0390 3616 nv (b93ee8e8ad859dd1890cd5177c49017d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/12 22:33:04.0484 3616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/12 22:33:04.0546 3616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/12 22:33:04.0656 3616 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/12 22:33:04.0703 3616 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/12 22:33:04.0765 3616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/12 22:33:04.0812 3616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/12 22:33:04.0890 3616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/12 22:33:04.0968 3616 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2011/05/12 22:33:05.0156 3616 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/12 22:33:05.0312 3616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/12 22:33:05.0437 3616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/12 22:33:05.0515 3616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/12 22:33:05.0859 3616 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/12 22:33:05.0937 3616 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/12 22:33:06.0109 3616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/12 22:33:06.0171 3616 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/12 22:33:06.0234 3616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/12 22:33:06.0281 3616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/12 22:33:06.0375 3616 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/05/12 22:33:06.0468 3616 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/12 22:33:06.0546 3616 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/12 22:33:06.0609 3616 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/12 22:33:06.0671 3616 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/12 22:33:06.0734 3616 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/12 22:33:06.0796 3616 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/12 22:33:06.0859 3616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/12 22:33:06.0937 3616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/12 22:33:07.0000 3616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/12 22:33:07.0062 3616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/12 22:33:07.0140 3616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/12 22:33:07.0203 3616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/12 22:33:07.0296 3616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/12 22:33:07.0375 3616 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/12 22:33:07.0437 3616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/12 22:33:07.0546 3616 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/12 22:33:07.0640 3616 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/12 22:33:07.0812 3616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/12 22:33:07.0875 3616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/12 22:33:07.0937 3616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/12 22:33:08.0031 3616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/12 22:33:08.0156 3616 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/12 22:33:08.0234 3616 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/12 22:33:08.0312 3616 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/12 22:33:08.0406 3616 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/05/12 22:33:08.0500 3616 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/12 22:33:08.0593 3616 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/12 22:33:08.0656 3616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/12 22:33:08.0718 3616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/05/12 22:33:08.0812 3616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/12 22:33:08.0906 3616 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/12 22:33:09.0015 3616 ss_bus (bbe84b6cde6771515c2b241a95771e51) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/05/12 22:33:09.0078 3616 ss_mdfl (99493ceb59d7e98aaf05c3b6c453bb73) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/05/12 22:33:09.0156 3616 ss_mdm (8a701b84bdad9d42f86f0d8658a7b6b6) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/05/12 22:33:09.0234 3616 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/05/12 22:33:09.0328 3616 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/12 22:33:09.0406 3616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/12 22:33:09.0484 3616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/12 22:33:09.0546 3616 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/12 22:33:09.0625 3616 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/12 22:33:09.0812 3616 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/12 22:33:09.0875 3616 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/12 22:33:09.0984 3616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/12 22:33:10.0093 3616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/12 22:33:10.0156 3616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/12 22:33:10.0250 3616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/12 22:33:10.0312 3616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/12 22:33:10.0421 3616 TNET1130 (8b9942a2e1d3914a4c067aaaa7dae142) C:\WINDOWS\system32\DRIVERS\GPlus.sys
2011/05/12 22:33:10.0500 3616 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/12 22:33:10.0609 3616 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/05/12 22:33:10.0671 3616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/12 22:33:10.0781 3616 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/12 22:33:10.0921 3616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/12 22:33:11.0015 3616 upperdev (bb16932a4189e82d6c455042c11849b6) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/12 22:33:11.0109 3616 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/12 22:33:11.0171 3616 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/12 22:33:11.0281 3616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/12 22:33:11.0375 3616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/12 22:33:11.0437 3616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/12 22:33:11.0531 3616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/12 22:33:11.0593 3616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/12 22:33:11.0671 3616 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/05/12 22:33:11.0750 3616 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/05/12 22:33:11.0812 3616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/12 22:33:11.0875 3616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/12 22:33:11.0937 3616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/12 22:33:12.0031 3616 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/12 22:33:12.0109 3616 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/12 22:33:12.0171 3616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/12 22:33:12.0265 3616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/12 22:33:12.0343 3616 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/12 22:33:12.0468 3616 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/12 22:33:12.0578 3616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/12 22:33:12.0656 3616 winachsf (bcdcc21314add47e26f1dfa1605e11c9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/12 22:33:12.0812 3616 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/12 22:33:12.0875 3616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/12 22:33:12.0984 3616 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/12 22:33:13.0093 3616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/12 22:33:13.0156 3616 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/12 22:33:13.0687 3616 ================================================================================
2011/05/12 22:33:13.0687 3616 Scan finished
2011/05/12 22:33:13.0687 3616 ================================================================================

Here is my OTL.txt Log:
OTL logfile created on: 12/05/2011 22:34:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert Cochrane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 10.31 Gb Free Space | 9.23% Space Free | Partition Type: NTFS
Drive E: | 38.28 Gb Total Space | 5.18 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Robert Cochrane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/22 11:51:34 | 000,181,248 | ---- | M] (jProductivity, LLC) -- C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/15 09:28:52 | 001,323,008 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/04/09 16:23:36 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SurfPass)
SRV - File not found [On_Demand | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/13 17:21:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/04/09 16:23:36 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/05/02 21:42:19 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/10/11 14:58:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmb.sys -- (nmwcd)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/01/18 15:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 15:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/14 17:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/13 14:55:18 | 000,816,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wn311b.sys -- (BCM43XX)
DRV - [2007/05/09 19:58:12 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2005/01/24 15:38:04 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV - [2005/01/24 15:38:04 | 000,006,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/01/24 15:38:00 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/04 06:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 06:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 06:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 06:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 06:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 06:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 06:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 06:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 06:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 06:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/04 23:44:25 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/04 23:44:25 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/04 23:44:25 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/04 23:44:25 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/13 15:38:16 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003/08/13 07:43:34 | 000,162,313 | R--- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GPlus.sys -- (TNET1130)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/04/09 16:07:18 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 16:38:10 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 16:37:36 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 16:31:28 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/01/02 23:53:00 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsreader.sys -- (dsreader) MaxDrive Driver (dsreader.sys)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP14.SYS -- (HPFECP14)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3435812428-418490181-440653411-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 22:24:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/04 22:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Cochrane\Application Data\Mozilla\Extensions
[2011/05/04 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/05/30 19:16:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/17 12:00:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe ( )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [wmupdater] File not found
O4 - HKU\S-1-5-21-3435812428-418490181-440653411-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Robert Cochrane\Start Menu\Programs\Startup\myPhoneDesktop.lnk = C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe (jProductivity, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - File not found
O15 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..Trusted Domains: lloydstsb.co.uk ([]https in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab (Checkers Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1095962120609 (MSSecurityAdvisor Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photogize.com/bponet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123535274015 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://housecall.trendmicro-europe.com/housecall/Xscan53.cab (HouseCall Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cochrane33.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/msnmessengersetupdownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} https://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab (LoaderOnline Class)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab31267.cab (ZoneChess Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316 (QDiagHUpdateObj Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 17:45:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 22:33:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
[2011/05/12 22:30:20 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert Cochrane\Desktop\TDSSKiller.exe
[2011/05/07 15:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/07 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/07 15:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Application Data\Avira
[2011/05/06 14:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Mozilla
[2011/05/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Application Data\Mozilla
[2011/05/04 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/04 21:54:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/04 21:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/05/02 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/02 22:06:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/05/02 21:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/02 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/02 12:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Application Data\FixCleaner
[2011/05/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/05/02 08:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/29 18:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert Cochrane\Recent
[2011/04/29 10:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/04/29 01:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/29 00:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/29 00:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/28 23:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/28 23:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/28 23:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/25 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/07/22 08:45:46 | 003,981,080 | R--- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Robert Cochrane\Application Data\flash.ocx
[2006/12/12 09:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[2006/02/06 21:33:49 | 000,315,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp files -> C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Robert Cochrane\*.tmp files -> C:\Documents and Settings\Robert Cochrane\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 22:38:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EAFCC4A3-5822-45E3-B2BB-8E8EE9FAD6CA}.job
[2011/05/12 22:35:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C659FFEB-C370-4656-B4FB-224F8453793D}.job
[2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
[2011/05/12 21:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 20:25:00 | 000,446,918 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/12 20:25:00 | 000,074,040 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/12 20:22:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/12 20:22:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/12 20:21:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/12 20:20:37 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\ydclunt.job
[2011/05/12 20:20:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/11 19:27:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011/05/08 18:20:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Microsoft Office Word 2007.lnk
[2011/05/08 09:56:37 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\pb17v9mo.exe
[2011/05/07 23:41:05 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/07 15:44:32 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/07 15:44:32 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Spybot - Search & Destroy.lnk
[2011/05/07 14:08:15 | 000,011,648 | -HS- | M] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/07 14:08:15 | 000,011,648 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/06 21:05:32 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\FixNCR.reg
[2011/05/06 16:13:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 22:24:57 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/04 22:02:07 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/03 16:02:55 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Paint.lnk
[2011/05/02 21:42:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/02 21:01:51 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat
[2011/05/02 09:01:36 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\iExplore.exe
[2011/05/02 08:56:45 | 000,014,170 | -HS- | M] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/05/02 08:56:45 | 000,014,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert Cochrane\Desktop\TDSSKiller.exe
[2011/04/30 21:17:47 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/25 19:47:58 | 000,143,644 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\George Gershwin-Someone To Watch Over Me-Sheetzbox.pdf
[2011/04/15 12:38:39 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp files -> C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Robert Cochrane\*.tmp files -> C:\Documents and Settings\Robert Cochrane\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 09:56:36 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\pb17v9mo.exe
[2011/05/07 23:41:05 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/07 15:44:32 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/07 15:44:32 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Spybot - Search & Destroy.lnk
[2011/05/07 13:59:11 | 000,011,648 | -HS- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/07 13:59:11 | 000,011,648 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/06 21:04:32 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\FixNCR.reg
[2011/05/04 22:24:57 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/02 21:10:05 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/02 16:33:01 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat
[2011/05/02 09:04:07 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\iExplore.exe
[2011/05/02 07:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/02 07:02:57 | 000,014,170 | -HS- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/05/02 07:02:57 | 000,014,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/04/30 21:17:34 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/29 08:09:42 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\ydclunt.job
[2011/04/25 19:47:56 | 000,143,644 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\George Gershwin-Someone To Watch Over Me-Sheetzbox.pdf
[2010/10/15 12:25:14 | 000,190,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/16 12:28:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/09/15 19:19:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/09/15 19:19:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/09/15 19:19:13 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/09/15 19:19:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/06/02 22:28:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\$_hpcst$.hpc
[2009/12/25 10:33:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/25 10:33:27 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/20 20:39:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/19 20:32:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008/10/14 19:52:36 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2008/05/17 18:54:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ASupplicant.dll
[2008/05/06 20:41:09 | 000,001,088 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/04/04 19:33:04 | 000,047,956 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/13 08:14:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2008/03/13 08:14:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2008/03/13 08:14:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SgEEncrypt.dll
[2008/02/16 15:49:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/01 20:08:21 | 000,000,440 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008/02/01 19:04:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008/02/01 19:03:08 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008/02/01 19:01:13 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/12/27 19:56:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/12/27 19:51:10 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/27 19:51:10 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/27 19:51:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/27 19:51:10 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/27 19:51:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/27 19:51:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/27 19:51:09 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/27 19:51:09 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/27 19:51:09 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/27 19:51:09 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/27 19:51:09 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/27 19:51:09 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/27 19:51:09 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/27 19:51:09 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/27 19:51:09 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/27 19:48:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX700E.ini
[2007/12/04 14:22:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2007/12/04 14:20:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2007/12/04 14:20:32 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2007/09/22 10:35:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/22 10:35:03 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/09/22 10:35:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/08/10 12:05:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2007/05/17 18:29:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2007/05/09 19:59:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/05/09 19:58:49 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/11/20 14:44:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SgDate.dll
[2006/10/09 07:05:47 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\ViewerApp.dat
[2006/09/28 23:00:00 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/08/05 12:03:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Abac Karaoke.INI
[2006/04/20 16:50:56 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 09:18:01 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/05 19:35:30 | 000,001,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Real Audio Codec.dat
[2006/02/05 19:32:37 | 000,002,995 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
[2006/02/05 19:17:53 | 000,002,515 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP DirectShow Decoder Codec.dat
[2006/02/05 19:14:15 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/08/31 17:41:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/06/05 14:45:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/03/21 15:43:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
[2005/02/12 16:11:23 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tlr_WAasw.ini
[2005/02/06 19:04:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2004/12/12 12:38:35 | 000,062,772 | R--- | C] () -- C:\WINDOWS\System32\drivers\GPlus.bin
[2004/09/30 14:44:31 | 000,016,686 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2004/09/30 14:44:31 | 000,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2004/09/30 14:44:31 | 000,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2004/09/30 14:44:31 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2004/09/30 14:44:31 | 000,009,404 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2004/09/30 14:44:31 | 000,006,810 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2004/09/30 14:44:31 | 000,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2004/09/30 14:44:31 | 000,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2004/09/30 14:44:31 | 000,001,462 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2004/09/30 14:44:31 | 000,000,724 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2004/09/30 14:44:31 | 000,000,540 | ---- | C] () -- C:\WINDOWS\System32\srchfrgn.dll
[2004/09/30 14:44:30 | 000,020,678 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2004/09/30 14:44:30 | 000,017,370 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2004/09/30 14:44:30 | 000,009,770 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2004/09/30 14:44:30 | 000,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2004/09/30 14:44:30 | 000,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2004/09/30 14:44:30 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2004/09/30 14:44:30 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\igefil.dll
[2004/09/30 14:44:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\nfil.dll
[2004/09/30 14:44:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\macfil.dll
[2004/09/30 14:44:29 | 000,013,154 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2004/09/30 14:44:29 | 000,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2004/09/30 14:44:29 | 000,011,248 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2004/09/30 14:44:29 | 000,007,642 | ---- | C] () -- C:\WINDOWS\System32\auctfil.dll
[2004/09/30 14:44:29 | 000,001,790 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2004/09/30 14:44:29 | 000,001,208 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2004/09/30 14:44:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\bsnlst.dll
[2004/09/30 14:44:29 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\bnrfil.dll
[2004/09/30 14:29:18 | 000,056,464 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2004/09/30 14:29:18 | 000,013,036 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2004/09/30 14:29:18 | 000,010,644 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2004/09/30 14:29:18 | 000,005,782 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2004/09/30 14:29:18 | 000,005,160 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2004/09/30 14:29:18 | 000,004,572 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2004/09/30 14:29:18 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2004/09/30 14:29:18 | 000,004,084 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2004/09/30 14:29:18 | 000,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2004/09/30 14:29:18 | 000,002,706 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2004/09/30 14:29:18 | 000,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2004/09/30 14:29:18 | 000,001,482 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2004/09/30 14:29:18 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2004/09/30 14:29:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2004/09/30 14:29:18 | 000,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
[2004/09/30 14:29:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
[2004/09/30 14:29:10 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\mslspc.exe
[2004/09/30 14:29:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\liccyval.dat
[2004/09/23 19:33:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/22 19:22:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/09/22 18:49:15 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/09/06 20:52:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/08/04 08:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 08:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 08:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 08:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 08:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/05/26 07:31:33 | 001,152,060 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/05/25 18:10:22 | 000,000,699 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/05/25 17:59:46 | 000,000,110 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/05/23 17:24:41 | 002,886,514 | -H-- | C] () -- C:\WINDOWS\kyf.dat.old
[2004/05/07 14:21:39 | 000,000,827 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2004/05/05 13:42:02 | 000,002,621 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2004/05/05 08:04:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2004/05/05 08:04:19 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2004/05/05 08:04:19 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDlg32.dll
[2004/05/05 08:04:19 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLch32.dll
[2004/05/05 08:04:19 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2004/05/05 08:04:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBar32.dll
[2004/05/05 08:04:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2004/05/05 08:04:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2004/05/05 08:04:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2004/05/05 08:04:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2004/05/05 08:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2004/05/05 08:04:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAppBar.dll
[2004/05/05 08:04:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.dll
[2004/05/05 08:04:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SgStat32.dll
[2004/05/05 08:04:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLogo32.dll
[2004/05/05 08:04:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RepDes32.exe
[2004/05/05 08:04:18 | 001,716,224 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2004/04/12 10:33:00 | 000,000,242 | ---- | C] () -- C:\WINDOWS\HPFTBX14.INI
[2004/04/12 08:30:11 | 000,000,196 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/23 20:35:31 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/03/06 16:14:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/10 20:55:25 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/02/10 20:55:24 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/12/30 15:01:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/12/20 18:45:34 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/12/20 18:45:26 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/12/20 18:44:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/12/20 11:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/11/04 19:09:24 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2003/09/22 22:10:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2003/09/14 08:31:44 | 005,317,584 | ---- | C] () -- C:\Program Files\DivX51Bundle.exe
[2003/09/14 08:17:52 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/13 18:16:08 | 000,048,954 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/11 11:24:10 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2003/09/10 17:32:06 | 000,000,511 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2003/09/10 15:24:43 | 000,000,585 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/04 23:46:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/04 23:43:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/04 23:38:57 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/04 23:29:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/09/04 23:27:30 | 000,446,918 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/09/04 23:27:30 | 000,074,040 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/09/04 23:14:54 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 07:53:52 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2003/08/19 07:53:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2003/08/19 07:51:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2003/07/22 11:09:05 | 000,034,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2003/07/22 07:37:06 | 000,000,015 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2003/07/22 04:03:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2003/07/22 03:53:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/06 22:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002/09/03 18:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 18:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 17:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 17:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 17:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 17:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 17:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 17:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/03 09:05:08 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 08:59:14 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2000/07/27 02:13:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/09/25 10:42:04 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg14.exe
[1998/09/25 10:41:34 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.ini
[1998/09/25 10:41:32 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.exe
[1998/09/25 10:39:30 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx14.exe
[1998/09/25 10:36:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid14.exe
[1998/09/25 10:34:28 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat14.dll
[1998/09/25 10:32:22 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp14.dll
[1998/09/25 10:21:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl14.dll
[1998/09/25 10:21:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl14.dll
[1998/09/25 10:21:18 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl14.dll
[1998/09/25 10:21:12 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl14.dll
[1998/09/25 10:16:28 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps14.dll
[1998/09/25 10:16:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r14.dll
[1998/09/25 10:14:48 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst14.dll
[1998/09/25 10:07:30 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui14.dll
[1998/09/25 10:02:00 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin14.dll
[1998/09/25 09:58:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon14.dll
[1998/09/25 09:58:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl14.dll
[1998/09/25 09:56:00 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop14.dll
[1998/09/25 09:55:48 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml14.dll
[1998/09/25 09:55:42 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc14.dll
[1998/09/25 09:55:36 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem14.dll
[1998/09/25 09:55:30 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm14.dll
[1998/09/25 09:55:20 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom14.dll
[1998/09/25 09:54:28 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp14.sys
[1998/09/25 09:53:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu14.dll
[1998/09/25 09:53:10 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa14.dll
[1998/09/25 09:48:44 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg14.dll
[1998/09/25 09:45:34 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt14.dll
[1998/09/23 22:42:40 | 000,035,328 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

And finally, my Extras.txt :

OTL Extras logfile created on: 12/05/2011 22:34:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert Cochrane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 10.31 Gb Free Space | 9.23% Space Free | Partition Type: NTFS
Drive E: | 38.28 Gb Total Space | 5.18 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Robert Cochrane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3435812428-418490181-440653411-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" /S
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Cyb2k.exe" = C:\WINDOWS\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\BAMZOOKi Zook Kit\Bonsai.exe" = C:\Program Files\BAMZOOKi Zook Kit\Bonsai.exe:*:Enabled:Bonsai
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Documents and Settings\Karen Cochrane\Local Settings\Temp\Rar$EX01.562\dplaysvr.exe" = C:\Documents and Settings\Karen Cochrane\Local Settings\Temp\Rar$EX01.562\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Server
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\CyberBuddy\CyberBud.exe" = C:\Program Files\CyberBuddy\CyberBud.exe:*:Enabled:CyberBuddy
"C:\Documents and Settings\Karen Cochrane\Desktop\Phone\Skype.exe" = C:\Documents and Settings\Karen Cochrane\Desktop\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe" = C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\Lewis Cochrane\Desktop\SSttuuff\spotify.exe" = C:\Documents and Settings\Lewis Cochrane\Desktop\SSttuuff\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax™ NEXT Wireless Adapter WN311B
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{401442B8-3186-4453-B223-A3519DBA33D2}" = Payroll for Windows
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5F82271E-DFBE-405B-9C10-1B4E66C6E12E}" = iPod 2 iPod
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE72D39-DE32-4069-9E72-C1974546EFDD}" = RuneScape Launcher 1.0.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}" = D-Link AirPlus XtremeG+ Wireless LAN Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C7DD90E2-61F6-47F7-ADB3-8A61088F1F12}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
"{FDB696BE-F637-4435-B48E-3623D4521B8E}" = Payroll for Windows
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"4142-5230-3826-1062" = myPhoneDesktop 1.4.1
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online uk" = AOL UK
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K Speakerphone PCI Modem
"dBpowerAMP DirectShow Decoder Codec" = dBpowerAMP DirectShow Decoder Codec
"dBpowerAMP Real Audio Codec" = dBpowerAMP Real Audio Codec
"dBPowerAMP Real Audio Encoder R3" = dBPowerAMP Real Audio Encoder R3
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"EPSON Printer and Utilities" = EPSON Printer Software
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
"ESET Online Scanner" = ESET Online Scanner v3
"ESPRX700 User's Guide" = ESPRX700 User's Guide
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Fuji Internet Printing" = Fuji Internet Printing
"Getting Ready for School" = Getting Ready for School
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP DeskJet 720C Series" = HP DeskJet 720C Series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKEA Home Planner Office" = IKEA Home Planner Office
"IL Download Manager" = IL Download Manager
"InnoUninst" = i-Sound WMA MP3 Recorder
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"Joboshare DVD to MP4 Converter" = Joboshare DVD to MP4 Converter
"Learning Ladder Years 1 & 2" = Learning Ladder Years 1 & 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PoiZone" = PoiZone
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"RM to MP3 Converter_is1" = RM to MP3 Converter 1.48
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sawer" = Sawer
"Shockwave" = Shockwave
"Spotify" = Spotify
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v5.0
"The Three Little Pigs" = The Three Little Pigs
"TightVNC_is1" = TightVNC 1.2.9
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/05/2011 20:04:32 | Computer Name = FAMILY | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 11/05/2011 20:04:32 | Computer Name = FAMILY | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/05/2011 20:04:32 | Computer Name = FAMILY | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 11/05/2011 21:46:44 | Computer Name = FAMILY | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 11/05/2011 21:46:44 | Computer Name = FAMILY | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/05/2011 21:46:44 | Computer Name = FAMILY | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 11/05/2011 23:11:14 | Computer Name = FAMILY | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 11/05/2011 23:11:14 | Computer Name = FAMILY | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/05/2011 23:11:14 | Computer Name = FAMILY | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 12/05/2011 12:51:20 | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 02/04/2011 02:31:12 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/04/2011 04:24:32 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/05/2011 21:46:44 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 11/05/2011 23:11:14 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 12/05/2011 14:15:02 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SYMTDI service failed to start due to the following error: %%2

Error - 12/05/2011 14:15:16 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 12/05/2011 14:17:55 | Computer Name = FAMILY | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 12/05/2011 14:17:54 | Computer Name = FAMILY | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 12/05/2011 14:32:51 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SYMTDI service failed to start due to the following error: %%2

Error - 12/05/2011 14:33:02 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 12/05/2011 15:21:06 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SYMTDI service failed to start due to the following error: %%2

Error - 12/05/2011 15:21:19 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

< End of report >

Machine is running as it has been ie a bit sluggish, Windows updates are still disabled (so security shield is red with a cross in bottom right corner). Let me know what you recommend and thanks again

SentinelX

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 May 2011 - 04:57 PM

Hi SentinelX!

Quote

Hi SweetTech and greetings from London!

Greetings! How do you like living in London? What's the best thing about living there?

____________________________________________________

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
SRV - File not found [Disabled | Stopped] -- -- (SurfPass)
SRV - File not found [On_Demand | Stopped] -- -- (RoxLiveShare9)
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3435812428-418490181-440653411-1007\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No CLSID value found.
O4 - HKLM..\Run: [wmupdater] File not found
O12 - Plugin for: .spop - File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp files -> C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Robert Cochrane\*.tmp files -> C:\Documents and Settings\Robert Cochrane\*.tmp -> ]
[2011/05/12 20:20:37 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\ydclunt.job
[2011/05/07 14:08:15 | 000,011,648 | -HS- | M] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/07 14:08:15 | 000,011,648 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/02 21:01:51 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat
[2011/05/02 08:56:45 | 000,014,170 | -HS- | M] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/05/02 08:56:45 | 000,014,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp files -> C:\Documents and Settings\Robert Cochrane\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Robert Cochrane\*.tmp files -> C:\Documents and Settings\Robert Cochrane\*.tmp -> ]
[2011/05/08 09:56:36 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\pb17v9mo.exe
[2011/05/07 13:59:11 | 000,011,648 | -HS- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/07 13:59:11 | 000,011,648 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610
[2011/05/02 16:33:01 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat
[2011/05/02 07:02:57 | 000,014,170 | -HS- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/05/02 07:02:57 | 000,014,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7
[2011/04/29 08:09:42 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\ydclunt.job

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply.

Posted Image

NEXT:

What issues are you currently experiencing with your computer?

#5 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 13 May 2011 - 03:03 PM

Hi there
Sorry for the slow response, went to bed and just got back from work again. London is great, we're on the outskirts now (schools, kids etc) but I still go into the City a lot. You?

Here's those logs:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Service SurfPass stopped successfully!
Service SurfPass deleted successfully!
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3435812428-418490181-440653411-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3435812428-418490181-440653411-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3435812428-418490181-440653411-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmupdater deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop\ deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C3E8350-5873-4D8E-A1D4-DCB9E885E86D}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
C:\WINDOWS\002384_.tmp deleted successfully.
C:\WINDOWS\005627_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET6C.tmp deleted successfully.
C:\WINDOWS\SET77.tmp deleted successfully.
C:\WINDOWS\SET81.tmp deleted successfully.
C:\WINDOWS\SET8C.tmp deleted successfully.
C:\WINDOWS\SET9F.tmp deleted successfully.
C:\WINDOWS\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET59.tmp deleted successfully.
C:\WINDOWS\System32\SET65.tmp deleted successfully.
C:\Documents and Settings\Robert Cochrane\My Documents\~WRL0003.tmp deleted successfully.
C:\Documents and Settings\Robert Cochrane\My Documents\~WRL1153.tmp deleted successfully.
C:\Documents and Settings\Robert Cochrane\My Documents\~WRL1319.tmp deleted successfully.
C:\Documents and Settings\Robert Cochrane\ntuser.tmp deleted successfully.
C:\WINDOWS\tasks\ydclunt.job moved successfully.
C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610 moved successfully.
C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610 moved successfully.
C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat moved successfully.
C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7 moved successfully.
C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7 moved successfully.
C:\Documents and Settings\Robert Cochrane\Desktop\pb17v9mo.exe moved successfully.
File C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\gr7757b6xy6463mva7e6s03fer2q610 not found.
File C:\Documents and Settings\All Users\Application Data\gr7757b6xy6463mva7e6s03fer2q610 not found.
File C:\Documents and Settings\All Users\Application Data\EbDiDB1c3.dat not found.
File C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7 not found.
File C:\Documents and Settings\All Users\Application Data\673qqgg3ox1a8yad3bh8vu5cyhlrxkumu52af7 not found.
File C:\WINDOWS\tasks\ydclunt.job not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Robert Cochrane\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Robert Cochrane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Unable to start service SrService!

[EMPTYFLASH]

User: Administrator

User: All Users

User: Beau Cochrane
->Flash cache emptied: 7880 bytes

User: Default User
->Flash cache emptied: 41703 bytes

User: Ellie Cochrane
->Flash cache emptied: 54878 bytes

User: Guest
->Flash cache emptied: 300 bytes

User: Karen Cochrane
->Flash cache emptied: 6751 bytes

User: Lewis Cochrane

User: LocalService
->Flash cache emptied: 59731 bytes

User: NetworkService
->Flash cache emptied: 40942 bytes

User: Robert Cochrane
->Flash cache emptied: 1983 bytes

User: TEMP

User: TEMP.FAMILY

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05132011_185752

aswMBR Log
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 20:56:52
-----------------------------
20:56:52.812 OS Version: Windows 5.1.2600 Service Pack 3
20:56:52.812 Number of processors: 1 586 0x209
20:56:52.812 ComputerName: FAMILY UserName:
20:56:54.640 Initialize success
20:57:11.046 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
20:57:11.046 Disk 0 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 39205MB BusType: 3
20:57:11.046 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
20:57:11.046 Disk 1 Vendor: ST3120026AS 8.05 Size: 114440MB BusType: 3
20:57:13.046 Disk 1 MBR read successfully
20:57:13.046 Disk 1 MBR scan
20:57:13.046 Disk 1 Windows XP default MBR code
20:57:15.046 Disk 1 scanning sectors +234372285
20:57:15.062 Disk 1 scanning C:\WINDOWS\system32\drivers
20:57:27.437 Service scanning
20:57:30.796 Disk 1 trace - called modules:
20:57:30.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:57:30.812 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ad76ab8]
20:57:30.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8add3d98]
20:57:30.812 Scan finished successfully
20:57:58.406 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Robert Cochrane\Desktop\MBR.dat"
20:57:58.406 The log file has been saved successfully to "C:\Documents and Settings\Robert Cochrane\Desktop\aswMBR.txt"

Machine still apparantly running the same, although haven't rebooted as it wasn't required. Hasn't slowed down. "seems" fine except for ever-present red MX shield in the bottom right.

over to you

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 13 May 2011 - 03:22 PM

Hi!

That sounds like a nice place to live! Things in the United States are boring.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#7 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 13 May 2011 - 04:26 PM

OK that was a little interesting. CF was convinced that AntiVir was running and listed the services, even tho I had disabled it. So I rebooted and tries again. Same message. Right then, I unstalled AntiVir, restarted. Nope CF thought I still had it running. Er, ok, go ahead at my own risk then...
So, it ran and here is the log, hope it's ok!

and the US - Boring? Maybe you need to move ;-)

ComboFix 11-05-13.01 - Robert Cochrane 13/05/2011 22:08:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2097 [GMT 1:00]
Running from: c:\documents and settings\Robert Cochrane\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00D2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\asfd23f.BIN
c:\asfd23f.bin\config.bin
c:\documents and settings\Ellie Cochrane\WINDOWS
c:\documents and settings\Karen Cochrane\WINDOWS
c:\documents and settings\Lewis Cochrane\WINDOWS
c:\documents and settings\Robert Cochrane\WINDOWS
C:\test.txt
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\install.exe
c:\windows\system32\Install.txt
c:\windows\system32\logs
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 17:57 . 2011-05-13 17:57 -------- d-----w- C:\_OTL
2011-05-11 15:52 . 2011-05-11 15:52 -------- d-----w- c:\documents and settings\Beau Cochrane\Application Data\Malwarebytes
2011-05-07 14:44 . 2011-05-07 14:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-05 18:17 . 2011-05-05 18:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-04 21:25 . 2011-05-04 21:25 -------- d-----w- c:\documents and settings\Robert Cochrane\Local Settings\Application Data\Mozilla
2011-05-04 20:54 . 2011-05-04 20:56 -------- dc-h--w- c:\windows\ie8
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\program files\ESET
2011-05-02 21:06 . 2011-05-02 21:16 -------- d-----w- c:\windows\BDOSCAN8
2011-05-02 20:10 . 2011-05-02 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 20:09 . 2011-05-02 20:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-02 19:15 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-02 11:18 . 2011-05-02 19:18 -------- d-----w- c:\documents and settings\Robert Cochrane\Application Data\FixCleaner
2011-05-02 11:18 . 2011-05-03 05:26 -------- d-----w- c:\program files\FixCleaner
2011-04-29 17:04 . 2011-04-29 17:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 00:57 . 2011-04-29 00:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-28 22:07 . 2011-04-28 22:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-25 17:03 . 2011-04-25 17:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-06-07 13:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21 . 2002-09-03 17:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:18 . 2002-09-03 16:42 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-09-03 17:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 07:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-09-03 16:27 290432 ----a-w- c:\windows\system32\atmfd.dll
2006-02-06 20:34 . 2006-02-06 20:33 315624 ----a-w- c:\program files\dxwebsetup.exe
2003-09-14 07:31 . 2003-09-14 07:31 5317584 ----a-w- c:\program files\DivX51Bundle.exe
2011-04-14 16:26 . 2011-05-04 21:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"EPSON Stylus Photo RX700 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE" [2004-11-10 98304]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-06-15 1323008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Robert Cochrane\Start Menu\Programs\Startup\
myPhoneDesktop.lnk - c:\program files\myPhoneDesktop\bin\myPhoneDesktop.exe [2010-7-26 181248]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [17/05/2008 18:54 16194]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 20:13 135664]
S2 HPFECP14;HPFECP14;c:\windows\SYSTEM32\DRIVERS\HPFecp14.sys [25/09/1998 09:54 52800]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [22/09/2007 10:35 17149]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\SYSTEM32\DRIVERS\dsreader.sys [02/01/2001 23:53 19677]
S3 efipsk;efipsk; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [25/12/2009 10:33 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 20:13 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [02/05/2011 21:10 16968]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\SYSTEM32\DRIVERS\GPlus.sys [12/12/2004 12:38 162313]
S3 UKS11LDR;M-Audio USB Keystation Loader; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/09/2002 18:05 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2011-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 13:15]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:13]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:13]
.
2011-05-13 c:\windows\Tasks\User_Feed_Synchronization-{C659FFEB-C370-4656-B4FB-224F8453793D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2011-05-13 c:\windows\Tasks\User_Feed_Synchronization-{EAFCC4A3-5822-45E3-B2BB-8E8EE9FAD6CA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: lloydstsb.co.uk
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab
FF - ProfilePath - c:\documents and settings\Robert Cochrane\Application Data\Mozilla\Firefox\Profiles\9wc6du4m.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Photoshop 7.0 - c:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-SAMSUNG Mobile Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-Samsung Mobile Modem Device - c:\windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
AddRemove-Samsung Mobile phone USB driver - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
AddRemove-SAMSUNG Mobile USB Modem - c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
AddRemove-SAMSUNG Mobile USB Modem 1.0 - c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
AddRemove-Spotify - c:\documents and settings\Lewis Cochrane\Desktop\SSttuuff\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-13 22:20:37
ComboFix-quarantined-files.txt 2011-05-13 21:20
.
Pre-Run: 11,067,879,424 bytes free
Post-Run: 12,290,560,000 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A55C4F49AFD4C00E159F84E7704D4F95

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 13 May 2011 - 05:45 PM

Hi!

Quote

Yeah, that's fine. Sometimes AV programs don't get removed all the way. I'm going to have you run a script that should remove the leftovers from Avira.

Quote

and the US - Boring? Maybe you need to move ;-)

Would you suggest living in London?

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
SecCenter::
{00000000-0000-0000-0000-000000000000}
{804E5358-FFA4-00D2-0D24-347CA8A3377C}
{804E5358-FFA4-00DA-0D24-347CA8A3377C}
{804E5358-FFA4-00EB-0D24-347CA8A3377C}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#9 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 14 May 2011 - 04:56 AM

Hello!

Combo fix was still complaining about the AntiVir being open after running the script... :-/

ComboFix 11-05-13.02 - Robert Cochrane 14/05/2011 7:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2104 [GMT 1:00]
Running from: c:\documents and settings\Robert Cochrane\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert Cochrane\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
.
.
2011-05-13 17:57 . 2011-05-13 17:57 -------- d-----w- C:\_OTL
2011-05-11 15:52 . 2011-05-11 15:52 -------- d-----w- c:\documents and settings\Beau Cochrane\Application Data\Malwarebytes
2011-05-07 14:44 . 2011-05-07 14:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-05 18:17 . 2011-05-05 18:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-04 21:25 . 2011-05-04 21:25 -------- d-----w- c:\documents and settings\Robert Cochrane\Local Settings\Application Data\Mozilla
2011-05-04 20:54 . 2011-05-04 20:56 -------- dc-h--w- c:\windows\ie8
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\program files\ESET
2011-05-02 21:06 . 2011-05-02 21:16 -------- d-----w- c:\windows\BDOSCAN8
2011-05-02 20:10 . 2011-05-02 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 20:09 . 2011-05-02 20:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-02 19:15 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-02 11:18 . 2011-05-02 19:18 -------- d-----w- c:\documents and settings\Robert Cochrane\Application Data\FixCleaner
2011-05-02 11:18 . 2011-05-03 05:26 -------- d-----w- c:\program files\FixCleaner
2011-04-29 17:04 . 2011-04-29 17:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 00:57 . 2011-04-29 00:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-28 22:07 . 2011-04-28 22:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-25 17:03 . 2011-04-25 17:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-06-07 13:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21 . 2002-09-03 17:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:18 . 2002-09-03 16:42 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-09-03 17:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 07:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-09-03 16:27 290432 ----a-w- c:\windows\system32\atmfd.dll
2006-02-06 20:34 . 2006-02-06 20:33 315624 ----a-w- c:\program files\dxwebsetup.exe
2003-09-14 07:31 . 2003-09-14 07:31 5317584 ----a-w- c:\program files\DivX51Bundle.exe
2011-04-14 16:26 . 2011-05-04 21:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"EPSON Stylus Photo RX700 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE" [2004-11-10 98304]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-06-15 1323008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Robert Cochrane\Start Menu\Programs\Startup\
myPhoneDesktop.lnk - c:\program files\myPhoneDesktop\bin\myPhoneDesktop.exe [2010-7-26 181248]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [17/05/2008 18:54 16194]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 20:13 135664]
S2 HPFECP14;HPFECP14;c:\windows\SYSTEM32\DRIVERS\HPFecp14.sys [25/09/1998 09:54 52800]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [22/09/2007 10:35 17149]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\SYSTEM32\DRIVERS\dsreader.sys [02/01/2001 23:53 19677]
S3 efipsk;efipsk; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\SYSTEM32\FsUsbExDisk.Sys [25/12/2009 10:33 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 20:13 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [02/05/2011 21:10 16968]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\SYSTEM32\DRIVERS\GPlus.sys [12/12/2004 12:38 162313]
S3 UKS11LDR;M-Audio USB Keystation Loader; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/09/2002 18:05 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2011-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 13:15]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:13]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:13]
.
2011-05-14 c:\windows\Tasks\User_Feed_Synchronization-{C659FFEB-C370-4656-B4FB-224F8453793D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2011-05-14 c:\windows\Tasks\User_Feed_Synchronization-{EAFCC4A3-5822-45E3-B2BB-8E8EE9FAD6CA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------

Ran MBAM without a detection:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6572

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/05/2011 08:25:06
mbam-log-2011-05-14 (08-25-06).txt

Scan type: Quick scan
Objects scanned: 260933
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: lloydstsb.co.uk
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab
FF - ProfilePath - c:\documents and settings\Robert Cochrane\Application Data\Mozilla\Firefox\Profiles\9wc6du4m.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-14 07:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-14 08:04:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-14 07:04
ComboFix2.txt 2011-05-13 21:20
.
Pre-Run: 12,314,636,288 bytes free
Post-Run: 12,462,354,432 bytes free
.
- - End Of File - - D9FD0450AAD5D21FA0C2129B0B87C6B3

And

The online scanner didn't pick up anything so there was no report to insert here.

Security check gave the following log:

Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java Web Start
Java™ 6 Update 20
Java 2 Runtime Environment, SE v1.4.1
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbam.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
``````````End of Log````````````

London is great if you can afford it so not bad if you have lived there all your life but tricky if you are moving from abroad as you need to get a job fast to pay the crazy rent and prices. A lot of people come from South Africa and Australia and work hard for a few years, live in basic accomodation then go back home with enough money to buy a farm ;-) People come across from Paris and work in London during the week an dshoot back to Paris for the weekend because they make so much more in London then in France (they still don't like us tho'

)
Where abouts do you live?

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 14 May 2011 - 10:29 AM

Hi!

No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 6 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

NEXT:

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform.
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#11 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 14 May 2011 - 11:49 AM

Hello there!
OK - AntiVir re-installed, Adobe and Java removed and updated versions installed and here's the log.
All seems well (although haven't done any browsing yet) but updates appear to be working (ie red shield gone).
Fingers crossed!
OTL logfile created on: 14/05/2011 17:41:20 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert Cochrane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 10.67 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive E: | 38.28 Gb Total Space | 5.18 Gb Free Space | 13.53% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Robert Cochrane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/22 11:51:34 | 000,181,248 | ---- | M] (jProductivity, LLC) -- C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/15 09:28:52 | 001,323,008 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/04/09 16:23:36 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/13 17:21:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/04/09 16:23:36 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/05/02 21:42:19 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/10/11 14:58:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmb.sys -- (nmwcd)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/01/18 15:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 15:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/14 17:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/13 14:55:18 | 000,816,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wn311b.sys -- (BCM43XX)
DRV - [2007/05/09 19:58:12 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2005/01/24 15:38:04 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV - [2005/01/24 15:38:04 | 000,006,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/01/24 15:38:00 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/04 06:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 06:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 06:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 06:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 06:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 06:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 06:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 06:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 06:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 06:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/04 23:44:25 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/04 23:44:25 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/04 23:44:25 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/04 23:44:25 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/08/13 15:38:16 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003/08/13 07:43:34 | 000,162,313 | R--- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GPlus.sys -- (TNET1130)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/04/09 16:07:18 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 16:38:10 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 16:37:36 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 16:31:28 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/01/02 23:53:00 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsreader.sys -- (dsreader) MaxDrive Driver (dsreader.sys)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP14.SYS -- (HPFECP14)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 22:24:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/04 22:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Cochrane\Application Data\Mozilla\Extensions
[2011/05/14 17:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/14 17:38:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/14 17:38:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/17 12:00:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/14 07:56:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe ( )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Robert Cochrane\Start Menu\Programs\Startup\myPhoneDesktop.lnk = C:\Program Files\myPhoneDesktop\bin\myPhoneDesktop.exe (jProductivity, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: lloydstsb.co.uk ([]https in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab (Checkers Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1095962120609 (MSSecurityAdvisor Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photogize.com/bponet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123535274015 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://housecall.trendmicro-europe.com/housecall/Xscan53.cab (HouseCall Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cochrane33.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/msnmessengersetupdownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} https://www.remotecontrol26.co.uk/DMS%20Website/Kiosk/Bootstrap270/2.7.1.151/BootstrapXP.cab (LoaderOnline Class)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab31267.cab (ZoneChess Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316 (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 17:45:27 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.aasc - C:\WINDOWS\System32\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.aflc - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.afli - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - xvid.dll File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 17:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/14 17:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/14 17:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/14 17:18:51 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/14 17:18:51 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/14 17:18:51 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/14 17:18:51 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/14 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/14 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/14 07:47:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/13 22:05:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 21:34:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 21:34:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 21:34:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 21:34:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 21:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 21:26:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 20:56:42 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Robert Cochrane\Desktop\aswMBR.exe
[2011/05/13 18:57:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/12 22:33:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
[2011/05/12 22:30:20 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert Cochrane\Desktop\TDSSKiller.exe
[2011/05/07 15:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/07 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/06 14:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\Mozilla
[2011/05/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Application Data\Mozilla
[2011/05/04 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/04 21:54:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/04 21:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7
[2011/05/02 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/02 22:06:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/05/02 21:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/02 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/02 12:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cochrane\Application Data\FixCleaner
[2011/05/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/05/02 08:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/29 18:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert Cochrane\Recent
[2011/04/29 10:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/04/29 01:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/29 00:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/29 00:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/28 23:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/28 23:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/28 23:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/25 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/07/22 08:45:46 | 003,981,080 | R--- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Robert Cochrane\Application Data\flash.ocx
[2006/12/12 09:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[2006/02/06 21:33:49 | 000,315,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe

========== Files - Modified Within 30 Days ==========

[2011/05/14 17:45:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C659FFEB-C370-4656-B4FB-224F8453793D}.job
[2011/05/14 17:43:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EAFCC4A3-5822-45E3-B2BB-8E8EE9FAD6CA}.job
[2011/05/14 17:32:36 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/14 17:29:33 | 000,446,918 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/14 17:29:33 | 000,074,040 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/14 17:27:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/14 17:25:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/14 17:25:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 17:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/14 17:19:09 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/14 16:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 12:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 10:50:37 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\SecurityCheck.exe
[2011/05/14 07:56:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/14 07:40:05 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\ComboFix.exe
[2011/05/13 22:05:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/13 20:57:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\MBR.dat
[2011/05/13 20:56:52 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robert Cochrane\Desktop\aswMBR.exe
[2011/05/13 19:27:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011/05/12 22:34:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cochrane\Desktop\OTL.exe
[2011/05/08 18:20:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Microsoft Office Word 2007.lnk
[2011/05/07 23:41:05 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/07 15:44:32 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/07 15:44:32 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Spybot - Search & Destroy.lnk
[2011/05/06 21:05:32 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\FixNCR.reg
[2011/05/06 16:13:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 22:24:57 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/04 22:02:07 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/03 16:02:55 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Paint.lnk
[2011/05/02 21:42:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/02 09:01:36 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\iExplore.exe
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert Cochrane\Desktop\TDSSKiller.exe
[2011/04/25 19:47:58 | 000,143,644 | ---- | M] () -- C:\Documents and Settings\Robert Cochrane\Desktop\George Gershwin-Someone To Watch Over Me-Sheetzbox.pdf
[2011/04/15 12:38:39 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/14 17:32:36 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/14 17:32:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/14 17:19:08 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/14 10:42:52 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\SecurityCheck.exe
[2011/05/13 22:05:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 22:05:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 21:34:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 21:34:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 21:34:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 21:34:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 21:34:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/13 21:26:18 | 004,347,800 | R--- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\ComboFix.exe
[2011/05/13 20:57:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\MBR.dat
[2011/05/07 23:41:05 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/07 15:44:32 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/07 15:44:32 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\Spybot - Search & Destroy.lnk
[2011/05/06 21:04:32 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\FixNCR.reg
[2011/05/04 22:24:57 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 22:24:57 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/02 21:10:05 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/02 09:04:07 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\iExplore.exe
[2011/04/30 21:17:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/25 19:47:56 | 000,143,644 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Desktop\George Gershwin-Someone To Watch Over Me-Sheetzbox.pdf
[2010/10/15 12:25:14 | 000,190,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/16 12:28:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/09/15 19:19:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/09/15 19:19:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/09/15 19:19:13 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/09/15 19:19:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/06/02 22:28:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\$_hpcst$.hpc
[2009/12/25 10:33:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/25 10:33:27 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/20 20:39:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/19 20:32:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008/10/14 19:52:36 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2008/05/17 18:54:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ASupplicant.dll
[2008/05/06 20:41:09 | 000,001,088 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/04/04 19:33:04 | 000,047,956 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/13 08:14:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2008/03/13 08:14:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2008/03/13 08:14:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SgEEncrypt.dll
[2008/02/16 15:49:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/01 20:08:21 | 000,000,440 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008/02/01 19:04:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008/02/01 19:03:08 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008/02/01 19:01:13 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/12/27 19:56:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/12/27 19:51:10 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/27 19:51:10 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/27 19:51:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/27 19:51:10 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/27 19:51:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/27 19:51:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/27 19:51:09 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/27 19:51:09 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/27 19:51:09 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/27 19:51:09 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/27 19:51:09 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/27 19:51:09 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/27 19:51:09 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/27 19:51:09 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/27 19:51:09 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/27 19:48:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX700E.ini
[2007/12/04 14:22:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2007/12/04 14:20:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2007/12/04 14:20:32 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2007/09/22 10:35:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/22 10:35:03 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/09/22 10:35:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/08/10 12:05:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2007/05/17 18:29:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2007/05/09 19:59:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/05/09 19:58:49 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/11/20 14:44:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SgDate.dll
[2006/10/09 07:05:47 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Application Data\ViewerApp.dat
[2006/09/28 23:00:00 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/08/05 12:03:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Abac Karaoke.INI
[2006/04/20 16:50:56 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 09:18:01 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/05 19:35:30 | 000,001,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Real Audio Codec.dat
[2006/02/05 19:32:37 | 000,002,995 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
[2006/02/05 19:17:53 | 000,002,515 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP DirectShow Decoder Codec.dat
[2006/02/05 19:14:15 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/08/31 17:41:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/06/05 14:45:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/02/12 16:11:23 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tlr_WAasw.ini
[2005/02/06 19:04:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2004/12/12 12:38:35 | 000,062,772 | R--- | C] () -- C:\WINDOWS\System32\drivers\GPlus.bin
[2004/09/30 14:44:31 | 000,016,686 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2004/09/30 14:44:31 | 000,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2004/09/30 14:44:31 | 000,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2004/09/30 14:44:31 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2004/09/30 14:44:31 | 000,009,404 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2004/09/30 14:44:31 | 000,006,810 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2004/09/30 14:44:31 | 000,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2004/09/30 14:44:31 | 000,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2004/09/30 14:44:31 | 000,001,462 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2004/09/30 14:44:31 | 000,000,724 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2004/09/30 14:44:31 | 000,000,540 | ---- | C] () -- C:\WINDOWS\System32\srchfrgn.dll
[2004/09/30 14:44:30 | 000,020,678 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2004/09/30 14:44:30 | 000,017,370 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2004/09/30 14:44:30 | 000,009,770 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2004/09/30 14:44:30 | 000,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2004/09/30 14:44:30 | 000,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2004/09/30 14:44:30 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2004/09/30 14:44:30 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\igefil.dll
[2004/09/30 14:44:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\nfil.dll
[2004/09/30 14:44:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\macfil.dll
[2004/09/30 14:44:29 | 000,013,154 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2004/09/30 14:44:29 | 000,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2004/09/30 14:44:29 | 000,011,248 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2004/09/30 14:44:29 | 000,007,642 | ---- | C] () -- C:\WINDOWS\System32\auctfil.dll
[2004/09/30 14:44:29 | 000,001,790 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2004/09/30 14:44:29 | 000,001,208 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2004/09/30 14:44:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\bsnlst.dll
[2004/09/30 14:44:29 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\bnrfil.dll
[2004/09/30 14:29:18 | 000,056,464 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2004/09/30 14:29:18 | 000,013,036 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2004/09/30 14:29:18 | 000,010,644 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2004/09/30 14:29:18 | 000,005,782 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2004/09/30 14:29:18 | 000,005,160 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2004/09/30 14:29:18 | 000,004,572 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2004/09/30 14:29:18 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2004/09/30 14:29:18 | 000,004,084 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2004/09/30 14:29:18 | 000,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2004/09/30 14:29:18 | 000,002,706 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2004/09/30 14:29:18 | 000,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2004/09/30 14:29:18 | 000,001,482 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2004/09/30 14:29:18 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2004/09/30 14:29:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2004/09/30 14:29:18 | 000,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
[2004/09/30 14:29:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
[2004/09/30 14:29:10 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\mslspc.exe
[2004/09/30 14:29:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\liccyval.dat
[2004/09/23 19:33:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/22 19:22:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/09/22 18:49:15 | 000,000,194 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/09/06 20:52:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/26 07:31:33 | 001,152,060 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/05/25 18:10:22 | 000,000,699 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/05/25 17:59:46 | 000,000,110 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/05/23 17:24:41 | 002,886,514 | -H-- | C] () -- C:\WINDOWS\kyf.dat.old
[2004/05/07 14:21:39 | 000,000,827 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2004/05/05 13:42:02 | 000,002,621 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2004/05/05 08:04:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2004/05/05 08:04:19 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2004/05/05 08:04:19 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDlg32.dll
[2004/05/05 08:04:19 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLch32.dll
[2004/05/05 08:04:19 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2004/05/05 08:04:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBar32.dll
[2004/05/05 08:04:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2004/05/05 08:04:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2004/05/05 08:04:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2004/05/05 08:04:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2004/05/05 08:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2004/05/05 08:04:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAppBar.dll
[2004/05/05 08:04:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.dll
[2004/05/05 08:04:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SgStat32.dll
[2004/05/05 08:04:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLogo32.dll
[2004/05/05 08:04:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RepDes32.exe
[2004/05/05 08:04:18 | 001,716,224 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2004/04/12 10:33:00 | 000,000,242 | ---- | C] () -- C:\WINDOWS\HPFTBX14.INI
[2004/04/12 08:30:11 | 000,000,196 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/23 20:35:31 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/03/06 16:14:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/10 20:55:25 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/02/10 20:55:24 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/12/30 15:01:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/12/20 18:45:34 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/12/20 18:45:26 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/12/20 18:44:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/12/20 11:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/11/04 19:09:24 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2003/09/22 22:10:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2003/09/14 08:31:44 | 005,317,584 | ---- | C] () -- C:\Program Files\DivX51Bundle.exe
[2003/09/14 08:17:52 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Robert Cochrane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/13 18:16:08 | 000,048,954 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/11 11:24:10 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2003/09/10 17:32:06 | 000,000,511 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2003/09/10 15:24:43 | 000,000,585 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/04 23:46:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/04 23:43:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/04 23:38:57 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/04 23:29:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/09/04 23:27:30 | 000,446,918 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/09/04 23:27:30 | 000,074,040 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/09/04 23:14:54 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 07:53:52 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2003/08/19 07:53:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2003/08/19 07:51:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2003/07/22 11:09:05 | 000,034,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2003/07/22 07:37:06 | 000,000,015 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2003/07/22 04:03:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2003/07/22 03:53:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/06 22:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002/09/03 18:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 18:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 17:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 17:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 17:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 17:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 17:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 17:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/03 09:05:08 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 08:59:14 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:30 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2000/07/27 02:13:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/09/25 10:42:04 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg14.exe
[1998/09/25 10:41:34 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.ini
[1998/09/25 10:41:32 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.exe
[1998/09/25 10:39:30 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx14.exe
[1998/09/25 10:36:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid14.exe
[1998/09/25 10:34:28 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat14.dll
[1998/09/25 10:32:22 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp14.dll
[1998/09/25 10:21:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl14.dll
[1998/09/25 10:21:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl14.dll
[1998/09/25 10:21:18 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl14.dll
[1998/09/25 10:21:12 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl14.dll
[1998/09/25 10:16:28 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps14.dll
[1998/09/25 10:16:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r14.dll
[1998/09/25 10:14:48 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst14.dll
[1998/09/25 10:07:30 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui14.dll
[1998/09/25 10:02:00 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin14.dll
[1998/09/25 09:58:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon14.dll
[1998/09/25 09:58:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl14.dll
[1998/09/25 09:56:00 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop14.dll
[1998/09/25 09:55:48 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml14.dll
[1998/09/25 09:55:42 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc14.dll
[1998/09/25 09:55:36 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem14.dll
[1998/09/25 09:55:30 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm14.dll
[1998/09/25 09:55:20 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom14.dll
[1998/09/25 09:54:28 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp14.sys
[1998/09/25 09:53:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu14.dll
[1998/09/25 09:53:10 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa14.dll
[1998/09/25 09:48:44 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg14.dll
[1998/09/25 09:45:34 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt14.dll
[1998/09/23 22:42:40 | 000,035,328 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2006/12/17 15:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/10/19 19:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/15 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/02/13 17:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/05/02 20:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/10/11 20:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/08/10 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/02/01 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
[2008/10/20 18:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/25 11:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/10/13 06:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\szojyxcd
[2009/04/26 09:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/15 19:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/12/30 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 19:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/08/11 20:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 19:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/06 10:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\EPSON
[2011/05/02 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\FixCleaner
[2004/05/08 00:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\FUJIFILM
[2009/12/25 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\LG Electronics
[2005/08/08 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\Lycos
[2010/08/10 19:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\MAGIX
[2009/12/25 12:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\PC Suite
[2011/04/30 06:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\Spotify
[2003/09/10 15:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\Template
[2010/03/04 20:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\Windows Live Writer
[2010/07/22 08:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Cochrane\Application Data\Worksimaging
[2011/05/13 19:27:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
[2011/05/14 17:45:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C659FFEB-C370-4656-B4FB-224F8453793D}.job
[2011/05/14 17:43:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EAFCC4A3-5822-45E3-B2BB-8E8EE9FAD6CA}.job

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL8~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL8~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL8~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL8~1.0\aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 05:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-14 11:06:39

< >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 14 May 2011 - 12:01 PM

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c dir /a /s "C:\Documents and Settings\All Users\Application Data\szojyxcd">"%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file.

#13 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 14 May 2011 - 12:41 PM

Volume in drive C has no label.
Volume Serial Number is E009-AB72

Directory of C:\Documents and Settings\All Users\Application Data\szojyxcd

13/10/2008 06:28 <DIR> .
13/10/2008 06:28 <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 11,536,519,168 bytes free

There you go - how are we looking ?

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 14 May 2011 - 12:49 PM

Hiya!

We are looking pretty good! We should be able to proceed with cleaning up our tools very shortly.

Please browse to this folder: C:\Documents and Settings\All Users\Application Data\szojyxcd

and confirm that it is empty, if that's in fact the case, please go ahead and run this below:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Documents and Settings\All Users\Application Data\szojyxcd"

Post back once you've done the above.

#15 SentinelX

New Member

Group: Members
Posts: 9
Joined: 08-May 11

Posted 14 May 2011 - 01:21 PM

Yep, it's empty and I've typed that into cmd...

Share this topic:

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

BleepingComputer.com: XP Security 2011 - Tried RKill, MBytes etc

Forum Guidelines

XP Security 2011 - Tried RKill, MBytes etc Please find HKT log etc

#1 SentinelX

Attached File(s)

#2 SweetTech

#3 SentinelX

#4 SweetTech

#5 SentinelX

#6 SweetTech

#7 SentinelX

#8 SweetTech

#9 SentinelX

#10 SweetTech

#11 SentinelX

#12 SweetTech

#13 SentinelX

#14 SweetTech

#15 SentinelX

Share this topic:

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Delete Post

Skin and Language

Execution Stats

BleepingComputer.com: XP Security 2011 - Tried RKill, MBytes etc

Forum Guidelines

XP Security 2011 - Tried RKill, MBytes etc Please find HKT log etc

Attached File(s)

Share this topic:

1 User(s) are reading this topic 0 members, 1 guests, 0 anonymous users

Delete Post

Skin and Language

Execution Stats

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users