
MBR Rootkit detected


This topic is locked
17 replies to this topic

#1 freedie
Posted 17 December 2009 - 04:53 AM

Please find below and attached the requested files:

All help gratefully received. I do use internet banking etc. and am a tad worried about whether my security is compromised or not.


DDS (Ver_09-12-01.01) - NTFSx86
Run by ME at 22:28:02.25 on 16/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1175 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 091216-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Multimedia Keyboard\KbdAp32A.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [FLMK08KB] c:\program files\multimedia keyboard\KbdAp32A.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\INetHTTPFilter.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 127.255.255.255 serial.alcohol-soft.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\f1n1asyi.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-12-16 30280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-13 114768]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-12-12 186128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-13 138680]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-12-16 47152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-13 352920]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2006-1-4 11136]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2007-10-12 220079]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-16 24496]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
R3 ZT6688;ZT6688 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ZT6688.sys [2008-3-10 21376]
S1 ensqio;ensqio;c:\windows\system32\drivers\ensqio.sys --> c:\windows\system32\drivers\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\drivers\sbpcint4.sys --> c:\windows\system32\drivers\sbpcint4.sys [?]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-12-16 6221824]
S3 cpuz128;cpuz128;\??\c:\docume~1\me\locals~1\temp\cpuz_x32.sys --> c:\docume~1\me\locals~1\temp\cpuz_x32.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);c:\windows\system32\drivers\LV506AV.SYS [2006-2-18 259584]
S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\siteadvisor\mcsacore.exe --> c:\progra~1\mcafee\siteadvisor\mcsacore.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH0486;SaiH0486;c:\windows\system32\drivers\SaiH0486.sys [2006-1-17 132232]
S3 Tileproxy;Tileproxy;c:\windows\system32\drivers\tileproxy.sys [2008-3-9 31616]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S3 ZeppelinService;plasservice;c:\program files\common files\paretologic\plas\plasservice.exe [2009-2-18 587216]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2100-02-16 16:09:06 62 -c--a-w- c:\windows\system32\LXBOUSCI.INI
2009-12-16 19:07:56 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-12-16 19:07:53 47152 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-12-16 19:07:53 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-16 19:07:51 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-12-16 19:07:49 0 d-----w- c:\program files\Prevx
2009-12-16 19:07:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-12-15 16:42:51 0 d-----w- c:\docume~1\me\applic~1\Tific
2009-12-15 16:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-15 16:42:30 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-13 16:21:36 0 d-----w- c:\program files\Enigma Software Group
2009-12-13 15:14:26 0 d-----w- c:\program files\Sophos
2009-12-13 09:30:41 1941 ----a-w- C:\rollback.ini
2009-12-12 20:54:22 538400 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-12 20:54:22 44708 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-12 20:54:22 168800 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-12 20:54:22 13002784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-12 20:41:54 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-12 20:41:54 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS
2009-12-12 20:41:53 0 d-----w- c:\program files\ParetoLogic
2009-12-12 20:41:53 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-12-11 16:38:55 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2009-12-03 16:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13:56 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 18:17:50 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 18:17:49 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 14:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-07-17 11:42:53 4820 -c--a-w- c:\program files\qexdb.txt
2006-03-29 14:50:37 61 -csh--w- c:\windows\cnerolf.dat
2008-08-09 12:14:18 80 -csh--r- c:\windows\system32\A09E64B1A5.dll
2009-02-27 17:57:53 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022720090228\index.dat

============= FINISH: 22:28:37.76 ===============

Thank you in advance
Eddie

Attached file: ark.txt (37.46 KB)
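As an added example (not code from this thread, from DDS or from OTL), the following Python triage pass reads DDS "SERVICES / DRIVERS" lines of the kind posted above and flags the entries a malware-response helper reads first: images DDS could not find, images in temp folders or with a .tmp extension, images dropped in the drive root, and boot/system-start drivers outside the drivers directory. The flag names and heuristics are the example's own; the sample lines are copied from the log above.

```python
"""Triage the "SERVICES / DRIVERS" section of a DDS log.

Added example, not part of the forum thread or of the DDS tool itself. Each
DDS line has the shape

    <R|S><start> <name>;<display name>;<image path>[ --> <resolved path>] [<date> <size> | ?]

where R/S is running/stopped, <start> is the start type (0 boot, 1 system,
2 auto, 3 on demand, 4 disabled) and "[?]" means DDS could not find the file.
The heuristics below are review prompts, not verdicts.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
TAIL_RE = re.compile(r"^(.*?)\s+\[([^\]]*)\]$")
ARGS_RE = re.compile(r"(\s+[-/]\S+)+$")   # trailing " -service" style arguments

# Where early-start (boot/system) kernel drivers normally live.
EXPECTED_DRIVER_DIRS = ("\\windows\\system32\\drivers\\",)


@dataclass
class ServiceEntry:
    state: str        # "R" running, "S" stopped
    start: int        # 0 boot, 1 system, 2 auto, 3 on demand, 4 disabled
    name: str
    display: str
    image: str        # ImagePath as stored in the registry (may carry \??\ and arguments)
    resolved: str     # path DDS resolved it to, or the image path if no "-->" was printed
    found: bool       # False when DDS printed "[?]"
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return a ServiceEntry for one DDS service/driver line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    t = TAIL_RE.match(rest)
    if not t:
        return None
    body, tail = t.groups()
    image, sep, resolved = body.partition(" --> ")
    if not sep:
        resolved = image
    return ServiceEntry(state, int(start), name.strip(), display.strip(),
                        image.strip(), resolved.strip(), tail.strip() != "?")


def normalise(path):
    """Lower-case, drop the NT object-manager prefix and any trailing arguments."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return ARGS_RE.sub("", p)


def triage(entry):
    """Attach review flags to an entry and return it."""
    p = normalise(entry.resolved)
    if not entry.found:
        # "[?]" is also printed when the ImagePath carries arguments DDS cannot
        # resolve (see npggsvc in SAMPLE), so a missing image is a prompt to
        # check on disk, not proof that the file is gone.
        entry.flags.append("image-not-found")
    if "\\temp\\" in p or p.endswith(".tmp"):
        entry.flags.append("temp-location")
    if p.count("\\") == 1 and p[1:2] == ":":
        entry.flags.append("drive-root")
    if entry.start <= 1 and not any(d in p for d in EXPECTED_DRIVER_DIRS):
        # Boot/system-start driver outside the drivers directory. Security
        # products' self-protection drivers trip this too, so it is a
        # whitelist candidate rather than an alarm on its own.
        entry.flags.append("early-start-outside-drivers-dir")
    return entry


def triage_log(text):
    """Parse every service/driver line in a DDS log and triage it."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def suspicious(entries):
    """Map service name -> flags for entries that raised at least one flag."""
    return {e.name: e.flags for e in entries if e.flags}


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE = r"""
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-12-16 30280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
S1 ensqio;ensqio;c:\windows\system32\drivers\ensqio.sys --> c:\windows\system32\drivers\ensqio.sys [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\me\locals~1\temp\cpuz_x32.sys --> c:\docume~1\me\locals~1\temp\cpuz_x32.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
"""

if __name__ == "__main__":
    for name, flags in suspicious(triage_log(SAMPLE)).items():
        print(f"{name:<12} {', '.join(flags)}")
```

Entries with no flags (pxscan, the Google updater) are dropped from the output; everything flagged still needs a human to check the file on disk and the vendor before anything is removed.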


#2 syler (Malware Response Team)
Posted 29 December 2009 - 11:09 AM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
Thanks



#3 freedie (Topic Starter)
Posted 31 December 2009 - 09:41 AM

Hi Syler,

Thank you for offering to help me. I may have already removed the rootkit but my computer is still "up the spout". If you are still willing to help me after all the fiddling I have done I would be most grateful. If you decide not to I will understand.

The files you asked for are as follows:

OTL logfile created on: 31/12/2009 14:06:42 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.23 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 60.22 Gb Free Space | 40.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/31 14:06:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
PRC - [2009/12/22 17:33:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/22 17:33:45 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/22 15:33:03 | 06,222,312 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/03 03:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/14 00:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/28 10:13:35 | 00,380,928 | ---- | M] () -- C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE
PRC - [2006/03/25 11:35:58 | 00,360,448 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe
PRC - [2004/02/03 13:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe


========== Modules (SafeList) ==========

MOD - [2009/12/31 14:06:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
MOD - [2006/03/25 11:35:58 | 00,057,344 | ---- | M] () -- C:\Program Files\Browser Mouse\mouDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2009/12/22 17:33:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/22 15:33:03 | 06,222,312 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/26 14:29:24 | 00,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/16 19:37:00 | 02,849,844 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/27 17:02:08 | 00,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/02/03 11:12:48 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985f05e04b7a4) Google Update Service (gupdate1c985f05e04b7a4)
SRV - [2008/06/03 03:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/06/02 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/30 16:30:39 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/22 15:33:04 | 00,047,408 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2009/12/22 15:33:04 | 00,030,280 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/12/22 15:33:04 | 00,024,496 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/11/24 23:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/09/09 17:07:36 | 04,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/03 06:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 18:40:58 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 18:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/09 14:38:30 | 00,031,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tileproxy.sys -- (Tileproxy)
DRV - [2007/11/16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 00,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/05/01 16:04:28 | 00,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0486.sys -- (SaiH0486)
DRV - [2007/03/08 22:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/07 23:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/21 12:05:56 | 00,021,376 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZT6688.sys -- (ZT6688)
DRV - [2006/10/12 13:49:51 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/09/06 06:12:34 | 00,006,784 | ---- | M] (Micro Innovations) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/01/04 17:46:10 | 00,011,136 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/29 17:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/28 21:04:04 | 00,044,032 | ---- | M] (Reality XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rxpvbus.sys -- (rxpvbus)
DRV - [2005/08/10 14:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 12:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/16 13:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/31 10:20:04 | 00,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/12/22 09:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2003/11/13 17:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/10 17:56:52 | 00,259,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV506AV.SYS -- (LV506AV) Logitech QuickCam Cordless(PID_0430)
DRV - [2002/12/10 17:52:02 | 00,035,328 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2002/11/18 15:51:40 | 00,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/06/10 14:21:02 | 00,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVBULK.sys -- (LVBulk)
DRV - [2002/06/10 07:24:38 | 00,220,079 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV551AV.sys -- (PID_0900_V) Logitech ClickSmart 310(PID_0900_V)
DRV - [2002/06/10 07:20:12 | 00,012,112 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC C3 3F 12 11 7C CA 01 [binary data]
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.foxstart.com/?rls=en:uk:mb"
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 17:36:04 | 00,000,000 | ---D | M]

[2009/12/22 17:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Extensions
[2009/07/02 17:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2009/12/29 10:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\z0dxo51i.default\extensions
[2009/12/22 17:36:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 17:36:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2009/12/18 19:27:46 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/18 19:27:46 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/18 19:27:46 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/18 19:27:46 | 00,002,014 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxstart.xml
[2009/12/18 19:27:46 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (801 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 q4master.idsoftware.com #block q4server
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.
O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = EF FF FF 03 [binary data]
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 92 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 92 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 93 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 93 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..Trusted Domains: 4818 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://129.210.52.139/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents) - File not found
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 16:33:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\Shell - "" = AutoRun
O33 - MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173478272663552)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/31 14:06:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/12/30 14:14:00 | 00,490,064 | ---- | C] (PC Pitstop ) -- C:\Documents and Settings\ME\Desktop\optimize3-setup-0002.exe
[2009/12/26 17:22:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/24 10:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/12/22 17:33:56 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 17:33:56 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 17:33:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/22 17:33:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 17:33:56 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 15:27:43 | 00,053,136 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2009/12/22 15:27:42 | 00,047,408 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/22 15:27:42 | 00,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/12/22 15:27:41 | 00,024,496 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2009/12/22 15:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/12/22 15:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/12/22 14:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\RootkitBuster_2.80.1077
[2009/12/22 14:22:53 | 00,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\ME\Desktop\cwshredder.exe
[2009/12/22 14:19:49 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/21 10:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\PCI-8738-090401-8.17.34(XP3264-LO-01)
[2009/12/18 18:05:41 | 19,666,944 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\ME\Desktop\AirshowPilotDemo.exe
[2009/12/17 18:16:31 | 00,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2009/12/17 18:16:31 | 00,712,704 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll
[2009/12/17 18:16:31 | 00,377,358 | ---- | C] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys
[2009/12/17 18:16:31 | 00,032,768 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System32\cmnprop.dll
[2009/12/17 18:16:19 | 01,818,624 | ---- | C] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[2009/12/17 18:16:16 | 00,139,264 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\cmuninst.exe
[2009/12/16 17:42:39 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\TFC.exe
[2009/12/15 16:42:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Tific
[2009/12/15 16:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/15 16:42:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/13 16:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/13 16:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/13 16:41:54 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/13 16:41:53 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/13 16:41:52 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/13 16:41:51 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/13 16:41:50 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/13 16:41:50 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/13 16:41:50 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/13 16:41:50 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/13 16:41:32 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/13 16:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/13 16:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/12/13 15:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/12/13 14:37:39 | 00,407,680 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\ME\Desktop\aswclnr.exe
[2009/12/13 14:16:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/13 14:16:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/13 09:55:59 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/12/11 16:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/09 19:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Downloads
[2009/12/06 15:31:54 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\ME\Desktop\HousecallLauncher.exe
[2009/11/11 10:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/16 08:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/02 00:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/11 12:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/08 15:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/03 11:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/02/17 00:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/03/01 14:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/03/01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/03/01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

========== Files - Modified Within 30 Days ==========

[2009/12/31 14:06:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/12/31 08:33:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/31 08:31:03 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/31 08:30:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/31 08:30:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 21:51:47 | 15,466,496 | ---- | M] () -- C:\Documents and Settings\ME\ntuser.dat
[2009/12/30 21:51:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ME\ntuser.ini
[2009/12/30 21:51:42 | 16,072,516 | -H-- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2009/12/30 18:19:10 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/30 14:14:02 | 00,490,064 | ---- | M] (PC Pitstop ) -- C:\Documents and Settings\ME\Desktop\optimize3-setup-0002.exe
[2009/12/26 17:24:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 20:50:23 | 00,042,767 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\jadwiga.jpg
[2009/12/23 16:45:37 | 03,282,260 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Tomos 061.jpg
[2009/12/22 17:33:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 17:33:44 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 17:33:44 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/22 17:33:44 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 17:33:44 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 15:33:05 | 00,053,136 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2009/12/22 15:33:04 | 00,047,408 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/22 15:33:04 | 00,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/12/22 15:33:04 | 00,024,496 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2009/12/22 15:32:55 | 00,000,161 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/22 14:22:53 | 00,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\ME\Desktop\cwshredder.exe
[2009/12/18 18:05:43 | 19,666,944 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\ME\Desktop\AirshowPilotDemo.exe
[2009/12/18 17:14:33 | 01,340,416 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Scrap.shs
[2009/12/18 09:28:30 | 00,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2009/12/18 09:18:30 | 00,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2009/12/17 18:20:50 | 00,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2009/12/17 18:20:50 | 00,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/12/17 18:19:34 | 14,298,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/17 18:19:34 | 00,706,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/17 18:19:34 | 00,193,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/17 18:19:34 | 00,067,244 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/17 13:02:04 | 00,007,433 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\message.png
[2009/12/16 17:42:39 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\TFC.exe
[2009/12/13 16:41:50 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/13 14:37:45 | 00,407,680 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\ME\Desktop\aswclnr.exe
[2009/12/13 12:13:22 | 00,001,941 | ---- | M] () -- C:\rollback.ini
[2009/12/09 10:23:57 | 00,523,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 10:23:57 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 10:23:57 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/06 15:32:27 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\housecall.guid.cache
[2009/12/06 15:32:00 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\ME\Desktop\HousecallLauncher.exe
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 14:30:16 | 00,000,194 | ---- | M] () -- C:\WINDOWS\X84-X85_DS.ini

========== Files Created - No Company Name ==========

[2100/02/16 16:09:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.INI
[2009/12/23 20:50:17 | 00,042,767 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\jadwiga.jpg
[2009/12/23 16:45:36 | 03,282,260 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Tomos 061.jpg
[2009/12/17 18:26:21 | 00,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/12/17 18:16:20 | 00,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2009/12/17 18:16:20 | 00,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2009/12/17 13:02:04 | 00,007,433 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\message.png
[2009/12/13 16:41:32 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/13 14:21:35 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/13 09:30:41 | 00,001,941 | ---- | C] () -- C:\rollback.ini
[2009/12/12 20:54:22 | 14,298,400 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/12 20:54:22 | 00,706,080 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/12 20:54:22 | 00,193,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/12 20:54:22 | 00,067,244 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/06 15:32:27 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\housecall.guid.cache
[2009/11/11 22:20:02 | 00,130,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/27 15:42:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/17 11:42:53 | 00,004,820 | ---- | C] () -- C:\Program Files\qexdb.txt
[2009/06/26 14:20:31 | 00,000,048 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\mm-device-08.ini
[2009/06/26 14:20:12 | 00,000,597 | ---- | C] () -- C:\WINDOWS\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
[2008/12/20 10:00:14 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/10 10:15:04 | 00,000,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3dsignal_Winter Train_cfg
[2008/12/02 11:25:10 | 00,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2008/11/10 13:40:41 | 00,001,205 | ---- | C] () -- C:\WINDOWS\tbs_bna.ini
[2008/11/10 13:40:26 | 00,000,009 | ---- | C] () -- C:\WINDOWS\tbs_job.ini
[2008/11/10 13:40:24 | 00,002,324 | ---- | C] () -- C:\WINDOWS\tbs_quiz.ini
[2008/11/10 13:40:24 | 00,001,033 | ---- | C] () -- C:\WINDOWS\tbs_juke.ini
[2008/11/10 13:40:24 | 00,000,009 | ---- | C] () -- C:\WINDOWS\tbs_tbh.ini
[2008/11/10 13:40:22 | 00,000,801 | ---- | C] () -- C:\WINDOWS\tbs_bows.ini
[2008/11/10 13:40:19 | 00,000,744 | ---- | C] () -- C:\WINDOWS\tbs_ss.ini
[2008/11/10 13:40:15 | 00,000,040 | ---- | C] () -- C:\WINDOWS\tbs_menu.ini
[2008/08/24 15:13:32 | 01,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2008/08/09 12:13:12 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\A09E64B1A5.dll
[2008/07/04 18:16:43 | 00,001,346 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/04/24 09:45:44 | 00,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/04/23 13:28:32 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\SAS7_000.DAT
[2008/04/21 14:12:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/05 15:35:00 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCP1.ini
[2008/04/05 09:46:32 | 00,004,810 | ---- | C] () -- C:\WINDOWS\System32\Mapx16w6.dll
[2008/03/10 18:10:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/03/09 14:27:57 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2008/03/01 20:41:49 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/20 21:26:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/20 21:26:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/01/20 21:26:14 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/20 21:21:06 | 03,109,376 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/20 21:21:06 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/20 21:21:04 | 00,507,392 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/01/20 21:21:04 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/01/20 21:21:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/01/20 21:21:04 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/01/20 21:21:04 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/01/20 21:21:04 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/01/20 21:21:04 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/20 21:21:04 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/01/20 21:21:04 | 00,081,408 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/01/20 21:21:04 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/01/20 21:21:04 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/01/20 21:21:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/01/20 21:21:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/01/20 21:07:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/01 00:00:00 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/01/01 00:00:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/31 18:19:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007/12/31 18:17:18 | 00,028,179 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2007/12/31 18:17:18 | 00,003,360 | R--- | C] () -- C:\WINDOWS\cmiainfo.sys
[2007/12/31 18:17:17 | 00,018,287 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2007/12/31 18:17:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/12/31 18:17:10 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/12/29 00:04:02 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/12/29 00:04:00 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/12/29 00:03:56 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/12/29 00:03:48 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/12/29 00:03:48 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/12/29 00:03:46 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/12/29 00:03:46 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/12/29 00:03:40 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/12/29 00:03:38 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/12/29 00:03:34 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/12/29 00:03:34 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/07/23 11:40:54 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\setup.txt
[2007/06/28 18:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/01 16:04:28 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_11.dll
[2007/02/26 15:13:34 | 06,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2007/02/26 15:13:34 | 00,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2007/02/26 15:13:32 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2006/12/07 18:43:58 | 00,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/06 21:30:55 | 00,000,403 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/06 15:23:12 | 00,000,282 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/11/06 14:30:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/26 15:56:00 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/10/26 15:55:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/08/02 16:50:59 | 00,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/06/07 08:23:18 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\GPLPatchDLL.dll
[2006/03/28 10:51:48 | 00,000,535 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2006/03/28 10:48:36 | 00,001,630 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2006/03/28 10:41:55 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/03/28 10:41:39 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/03/28 10:41:39 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/03/28 10:41:39 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/03/28 10:41:39 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/03/28 10:41:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/03/28 10:41:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/03/28 10:41:39 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/03/28 10:41:38 | 01,572,864 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2006/03/28 10:41:38 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/03/28 10:41:38 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/03/28 10:41:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/03/28 10:41:38 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/03/28 10:41:38 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/03/28 10:41:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/03/04 20:18:41 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/02/24 14:22:22 | 00,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.DLL
[2006/02/21 22:16:01 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/19 17:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/19 11:05:35 | 00,159,232 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/18 00:00:45 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/02/17 23:59:49 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2006/02/17 23:59:49 | 00,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2006/02/17 23:59:49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2006/02/17 22:25:04 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/02/17 21:29:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/17 21:10:23 | 00,005,187 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/02/17 21:06:57 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\fusioncache.dat
[2006/01/17 18:08:10 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0402.dll
[2006/01/17 18:08:08 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0C.dll
[2006/01/17 18:08:08 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_10.dll
[2006/01/17 18:08:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0A.dll
[2006/01/17 18:08:06 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_09.dll
[2006/01/17 18:08:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_07.dll
[2006/01/17 18:01:14 | 01,925,120 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486.Dll
[2005/11/30 17:23:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 17:12:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 17:12:36 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 17:12:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 17:12:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 17:12:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 17:12:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 17:12:24 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 17:02:14 | 00,000,826 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 16:35:24 | 00,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 01:04:01 | 00,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2005/08/31 07:42:24 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\dfltchk2.dll
[2005/08/28 21:04:04 | 00,001,257 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2005/02/05 19:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/08/18 13:00:00 | 00,035,328 | -H-- | C] () -- C:\WINDOWS\System32\msls50.dll
[2004/03/26 21:49:10 | 04,055,040 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2003/07/15 00:57:20 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\flt1chk2.dll
[2002/09/19 03:40:16 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/09/19 03:13:13 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxboBCE.DLL
[2002/09/19 03:13:11 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxboICO.DLL
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/06/11 08:34:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kui.dll
[2002/06/11 08:33:54 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kpm.dll
[2002/06/07 12:59:15 | 00,000,194 | ---- | C] () -- C:\WINDOWS\X84-X85_DS.ini
[2001/08/24 19:17:59 | 00,001,369 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2000/10/24 09:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/03/22 01:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 15:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\recover\WINDOWS\system32\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\recover\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\recover\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\recover\WINDOWS\system32\scecli.dll
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:562E6495
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
< End of report >


OTL Extras logfile created on: 31/12/2009 14:06:42 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.23 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 60.22 Gb Free Space | 40.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"2275:TCP" = 2275:TCP:*:Enabled:Services
"8478:TCP" = 8478:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"8000:UDP" = 8000:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"3389:TCP" = 3389:TCP:*:Disabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Bridge Base Online\NetBridgeVu.exe" = C:\Bridge Base Online\NetBridgeVu.exe:*:Enabled:Bridge Base Online -- ()
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\GPL 2004 DEMO\gpl.exe" = C:\Program Files\GPL 2004 DEMO\gpl.exe:*:Disabled:Grand Prix Legends -- (Sierra On-Line Inc.
Bellevue, WA 98007)
"C:\Program Files\Tesco internet phone\TescoIP.exe" = C:\Program Files\Tesco internet phone\TescoIP.exe:*:Disabled:TescoIP -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\GPL 2004 DEMO\gplc66.exe" = C:\Program Files\GPL 2004 DEMO\gplc66.exe:*:Disabled:Grand Prix Legends -- (Sierra On-Line Inc.
Bellevue, WA 98007)
"C:\Program Files\GPLSecrets\iGOR\iGOR.exe" = C:\Program Files\GPLSecrets\iGOR\iGOR.exe:*:Disabled:iGOR -- ()
"C:\Documents and Settings\ME\Desktop\RarSFX0\iGOR\iGOR.exe" = C:\Documents and Settings\ME\Desktop\RarSFX0\iGOR\iGOR.exe:*:Disabled:iGOR -- ()
"C:\Program Files\VROC\WinVROC\WinVROC.exe" = C:\Program Files\VROC\WinVROC\WinVROC.exe:*:Disabled:Main WinVROC Module -- (Lawrence L. Holbert)
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corp.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Disabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Memory-Map\OS-5\showmmcrypt.exe" = C:\Program Files\Memory-Map\OS-5\showmmcrypt.exe:*:Disabled:License-Managed Data Viewer -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Disabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Memory-Map\OS-5\MMNav.exe" = C:\Program Files\Memory-Map\OS-5\MMNav.exe:*:Disabled:Memory-Map -- (Memory-Map, Inc)
"C:\Program Files\Memory-Map\OS-5\mm3d.exe" = C:\Program Files\Memory-Map\OS-5\mm3d.exe:*:Disabled:Memory-Map 3D -- (Memory-Map, Inc)
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Disabled:VoipBuster -- (VoipBuster)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08E4AE58-748D-4983-9B8A-495E2341769F}" = Garmin POI Loader
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{2FD177C0-A752-11DC-8314-0800200C9A66}" = Windows Live SkyDrive Upload Tool
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784E6B0F-00EC-4950-95A2-BBA64F44EC48}" = Camtasia Studio 5
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel® Network Connections 12.4.38.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C4EADB1-43EC-44CE-8C06-897785D5B9DF}" = VFR Real Scenery vol3 demo
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98FDC595-92B3-48D5-80D6-FE7AABD9191B}_is1" = Weather Watcher Live
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}" = Memory-Map OS Edition Version 5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56D25A0-1316-4255-AB45-1147C9D01C5E}" = Aerosoft's - MonacoX
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D52B286A-BB3A-436B-A41A-8E1475DE5E06}" = Abacus Fighter Pilot 2 for FSX
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}" = RssReader
"{DA46AA5F-4934-4DAC-94E4-7D84AD9A4090}" = Project Canarias 2006
"{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}" = Saitek SD6 Programming Software 6.0.10.7
"{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E54F101A-F272-4ADE-B095-296121486D68}" = Quo v2
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1608947-B8A4-4D65-A7B8-8B1D669C0E2C}" = SnagIt 7
"{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB7BCC-FD7D-43DF-8AA2-6A58EE775B58}" = Platinum Collection Piaggio Avanti for FSX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"22ea8256-5069-404e-8b08-af0c3889380e_is1" = Tesco Internet Phone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Alarm_is1" = Alarm 2.0.4
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Photo Optimizer 2_is1" = Ashampoo Photo Optimizer 2.00
"ATI Display Driver" = ATI Display Driver
"AutoSizer" = AutoSizer
"avast!" = avast! Antivirus
"AXIS Media Control" = AXIS Media Control
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Bink and Smacker" = Bink and Smacker
"Branding" =
"Bridge Squeezes Complete" = Bridge Squeezes Complete
"Bridge_Base_Online" = Bridge Base Online
"Bridge_Base_Online_Update_-_November_2008" = Bridge Base Online Update - November 2008
"Browser Mouse" = Browser Mouse
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Connection Manager" =
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FLVPlayer" = FLV Player 1.3.3
"FS2004 EGNL Walney Island Airfield" = FS2004 EGNL Walney Island Airfield
"Game Booster_is1" = Game Booster
"GPL 2004 DEMO" = GPL 2004 DEMO
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield Uninstall Information" =
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Jeff's Birding Database v3.2" = Jeff's Birding Database v3.2
"Kantar's Test Your Play" = Kantar's Test Your Play
"LFRD2004 St-Malo Dinard Pleurtuit" = LFRD2004 St-Malo Dinard Pleurtuit
"LimeWire" = LimeWire PRO 4.14.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maps2Bgl_X_is1" = Maps2Bgl 2.6 Beta FSX-Version
"Media Player - Codec Pack" = Media Player Codec Pack 2.1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Multimedia Keyboard" = Multimedia Keyboard
"My_Favorite_52_Demo_Version_By_Larry_Cohen" = My Favorite 52 Demo Version By Larry Cohen
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"OpenAL" = OpenAL
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PCHealth" =
"PCI Audio Driver" = PCI Audio Driver
"PCSI" = Prevx
"Project Canarias 2006" =
"QcDrv" = Logitech Camera Driver
"RadarSync" = RadarSync
"RealAlt_is1" = Real Alternative 1.52
"Recordpad" = Recordpad
"rFactor" = rFactor (remove only)
"Songbird-release-1146" = Songbird 1.2.0 (Build 1146)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Spotify" = Spotify
"ST6UNST #1" = GPL Race Engineer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Talk" = Express Talk
"Tesco internet phone_is1" = Tesco internet phone
"The Tracker! Ver. 3.0" = The Tracker! Ver. 3.0
"TileProxy" = The TileProxy Project for Microsoft FSX/2004/2002
"ToolBox" = NCH Toolbox
"Valex AC3-DTS codec" = Valex AC3-DTS codec (remove only)
"VLC media player" = VLC media player 0.9.8
"VoipBuster_is1" = VoipBuster
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"WinVROC" = WinVROC
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"EGCW Welshpool" = EGCW Welshpool
"EGNL Barrow - Walney Island" = EGNL Barrow - Walney Island
"EGSC Cambridge" = EGSC Cambridge
"EGSH Norwich Airport" = EGSH Norwich Airport
"RAF Shawbury, Ternhill and EGCV Sleap" = RAF Shawbury, Ternhill and EGCV Sleap

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/12/2009 17:28:34 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0xc63130a7.

Error - 30/12/2009 06:25:52 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 30/12/2009 06:41:56 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0xc5e730a7.

Error - 30/12/2009 06:45:11 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0xc60130a7.

Error - 30/12/2009 13:00:40 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

Error - 30/12/2009 13:00:46 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

Error - 30/12/2009 13:00:50 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

Error - 30/12/2009 13:00:53 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

Error - 30/12/2009 13:00:56 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

Error - 30/12/2009 13:01:12 | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.257, faulting
module rtl70.bpl, version 7.0.4.453, fault address 0x00008e2e.

[ System Events ]
Error - 30/12/2009 05:41:02 | Computer Name = ME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001AEE0048E2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 30/12/2009 05:41:18 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 30/12/2009 05:41:19 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 30/12/2009 06:46:50 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 30/12/2009 06:46:52 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 30/12/2009 14:19:31 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 30/12/2009 14:19:34 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 31/12/2009 04:30:44 | Computer Name = ME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001AEE0048E2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/12/2009 04:31:00 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 31/12/2009 04:31:02 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd


< End of report >

Good luck and Happy New Year.

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 December 2009 - 01:07 PM

Hi freedie,
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save ... and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



#5 freedie

freedie
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male

Posted 02 January 2010 - 11:01 AM

Thank you syler; and Happy New Year.

I have had to stop the gmer prog. from running on through files, as it crashes every time (?).

This is the extract I got. I watched it running for hours through files; but it never had any more entries on the log. I noticed that D drive (which I have got) was unticked ... is that important?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 15:54:32
Windows 5.1.2600 Service Pack 3
Running: sr49g1z3.exe; Driver: C:\DOCUME~1\ME\LOCALS~1\Temp\fgldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB867A000, 0x198FE0, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000080 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000087 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000088 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\00000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...

---- EOF - GMER 1.0.15 ----

Good luck and thank you again for all your help.

Edited by freedie, 02 January 2010 - 11:02 AM.
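The GMER run requested in #4 produces a log like the one just posted, and reading it by eye is where most mistakes happen. The script below is an added example, not part of this thread and not GMER's own code: it splits the log into GMER's "----" sections, treats a device-stack entry with no vendor description (or from an unlisted vendor) as the serious case, escalating it when it sits on the IDE/disk stack where an MBR rootkit would hook, and marks the sptd Cfg keys as expected (sptd, the SCSI pass-through layer installed by disc-emulation tools, hides its own configuration key, which is why GMER lists it). SAMPLE_LOG is an excerpt of the log above; KNOWN_VENDORS, EXPECTED_HIDDEN_KEYS and the severity rules are this example's assumptions and need adjusting per machine.

```python
"""Triage a GMER rootkit-scan log by section.

Added example: not from the BleepingComputer thread and not GMER's own code.
SAMPLE_LOG is an excerpt of the log posted above.  KNOWN_VENDORS,
EXPECTED_HIDDEN_KEYS and the severity rules are this example's assumptions.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 15:54:32
Windows 5.1.2600 Service Pack 3

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB867A000, 0x198FE0, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000080 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x10 0x6C 0xC0 ...

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# '<Device|AttachedDevice> <driver object> <device object> <file> (<description/vendor>)'
DEVICE_RE = re.compile(r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?$")

KNOWN_VENDORS = {"ALWIL Software", "Protection Technology"}  # assumed per-machine allowlist
EXPECTED_HIDDEN_KEYS = ("\\Services\\sptd\\Cfg\\",)          # assumed: sptd hides its own Cfg key
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_sections(text):
    """Group non-empty log lines under the '---- name - GMER x ----' header they follow."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, reason, log line) tuples, most severe first."""
    findings = []
    sections = parse_sections(text)

    for line in sections.get("Kernel code sections", []):
        if "section is writeable" in line:
            findings.append(("low", "writeable kernel code section; verify the driver file's hash", line))

    for line in sections.get("Devices", []):
        m = DEVICE_RE.match(line)
        if not m:
            findings.append(("medium", "device entry in an unexpected format", line))
            continue
        _kind, _driver_obj, device, _sysfile, desc = m.groups()
        # A hook on the IDE/disk stack is where a boot-sector rootkit sits, so escalate there.
        on_disk_stack = device.startswith(("\\Device\\Ide", "\\Device\\Harddisk"))
        if desc is None:
            sev = "high" if on_disk_stack else "medium"
            why = "unidentified driver attached to a device stack"
        else:
            vendor = desc.rsplit("/", 1)[-1]
            if vendor in KNOWN_VENDORS:
                sev, why = "info", f"expected {vendor} driver"
            else:
                sev = "high" if on_disk_stack else "medium"
                why = f"driver from unlisted vendor {vendor!r}"
        findings.append((sev, why, line))

    for line in sections.get("Registry", []):
        path = line.split(None, 2)[1]          # 'Reg <key>[@value] [data]'
        key = path.split("@", 1)[0]
        if any(marker in key for marker in EXPECTED_HIDDEN_KEYS):
            findings.append(("info", "hidden key belonging to a known driver", line))
        else:
            findings.append(("medium", "hidden registry key with no known owner", line))

    return sorted(findings, key=lambda f: RANK[f[0]])


def severity_counts(findings):
    counts = defaultdict(int)
    for sev, _, _ in findings:
        counts[sev] += 1
    return dict(counts)


if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}: {line[:90]}")
```

On the posted excerpt everything comes out as info apart from the writeable ati2mtag.sys section, which matches the helper's reading of it. The thing the script cannot do is judge a clean log from a scan that crashed part-way, as this one did: an empty "Devices" section after a crash is absence of evidence, not a clean result.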


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 02 January 2010 - 05:12 PM

Happy new year to you as well :(

I noticed that D drive (which I have got) was unticked ... is that important?


No that is fine.

Please tell me in your next reply any problems you are still having.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\A09E64B1A5.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (McAfee SiteAdvisor Service)
    O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
    O3 - HKU\S-1-5-21-3069503073-2611073265-3339622535-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
    O20 - HKLM Winlogon: UIHost - (C:\Documents) - File not found
    O20 - HKLM Winlogon: UIHost - (and) - File not found
    O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
    O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
    O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
    O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
    O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
    O33 - MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\Shell - "" = AutoRun
    O33 - MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\Shell\AutoRun - "" = Auto&Play
    [2004/08/18 13:00:00 | 00,035,328 | -H-- | C] () -- C:\WINDOWS\System32\msls50.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "2275:TCP"=-
    "8478:TCP"=-
    :Commands
    [RESETHOSTS]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Then please post back here with the following logs:
  • MBAM log
  • Virustotal link
  • OTL results
  • New OTL log
Thanks

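The ":Reg" part of the fix above deletes six TCP entries from the XP firewall's GloballyOpenPorts list, the registry key that holds the Windows Firewall exceptions a program (or malware) has punched through. As an added example, not OTL's code and not part of this thread, the script below audits such a list from a .reg export against a baseline of expected ports and renders the same kind of ":Reg" deletion block. SAMPLE_REG is constructed: the six high-port value names are the ones the fix deletes, while the value data, the two file-sharing entries and BASELINE are this example's assumptions about what that key looks like on a home machine.

```python
"""Audit the XP firewall GloballyOpenPorts list and render an OTL ':Reg' fix.

Added example; it is not part of the thread and not OTL's or Microsoft's code.
SAMPLE_REG is a constructed .reg export: the six high-port names are the ones
the fix script above deletes, while the value data, the two file-sharing
entries and BASELINE are this example's assumptions.
"""
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"65533:TCP"="65533:TCP:*:Enabled:Update"
"52344:TCP"="52344:TCP:*:Enabled:Service"
"3246:TCP"="3246:TCP:*:Enabled:Service"
"2479:TCP"="2479:TCP:*:Enabled:Service"
"2275:TCP"="2275:TCP:*:Enabled:Service"
"8478:TCP"="8478:TCP:*:Enabled:Service"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')
# Assumed baseline: the only ports a home XP box is expected to open (file and printer sharing).
BASELINE = {("139", "TCP"), ("445", "TCP"), ("137", "UDP"), ("138", "UDP")}


def parse_reg(text):
    """Yield (key_path, value_name, value_data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def audit_open_ports(text, baseline=BASELINE):
    """Return one dict per GloballyOpenPorts entry outside the baseline, in registry order."""
    findings = []
    for key, name, data in parse_reg(text):
        if not key.endswith("\\GloballyOpenPorts\\List"):
            continue
        port, _, proto = name.partition(":")
        if (port, proto) in baseline:
            continue
        # Value data is '<port>:<proto>:<scope>:<Enabled|Disabled>:<display name>'.
        fields = data.split(":")
        scope = fields[2] if len(fields) > 2 else "?"
        enabled = fields[3].lower() == "enabled" if len(fields) > 3 else True
        label = fields[4] if len(fields) > 4 else ""
        reasons = []
        if scope == "*":
            reasons.append("reachable from any source address")
        if port.isdigit() and int(port) >= 1024:
            reasons.append("high-numbered port, not a well-known service")
        if not label.startswith("@"):
            reasons.append("display name is not a resource string, unlike Windows' own rules")
        findings.append({"key": key, "name": name, "port": int(port) if port.isdigit() else None,
                         "proto": proto, "scope": scope, "enabled": enabled, "reasons": reasons})
    return findings


def otl_reg_fix(findings):
    """Render OTL's ':Reg' block: the key in brackets, then '"name"=-' to delete each value."""
    lines = [":Reg"]
    for key in sorted({f["key"] for f in findings}):
        lines.append(f"[{key}]")
        lines.extend(f'"{f["name"]}"=-' for f in findings if f["key"] == key)
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit_open_ports(SAMPLE_REG)
    for f in found:
        print(f"{f['name']:<12} scope={f['scope']:<12} enabled={f['enabled']}  {'; '.join(f['reasons'])}")
    print(otl_reg_fix(found))
```

Deleting the exceptions closes the holes but says nothing about which program opened them; the reasons list is there so the port numbers can be matched against the netstat or process listing taken before the fix, which is the part of the investigation the fix log above does not record.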


#7 freedie

freedie
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Male

Posted 03 January 2010 - 05:19 AM

Thank you again syler.

My PC now appears to be running much better and my internet connection speed has improved too! The only oddity I can sometimes see is that, using IE8, the address appears on the right of the address bar and not on the left. Odd; but I can live with that! However why this should only sometimes happen is a complete mystery to me. May I now revert to my usual form of regular Disk Cleanups and Defragmentation? Why do I see this in your scans please 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory?

MBAM found no malicious threats.

VirusTotal and Jotti both gave negative results in the (apparently, FYI, MS Flight Simulator file) 0/40 and 0/20

The virustotal link is:-

http://www.virustotal.com/analisis/0493693...81c4-1262508498

The OTL RunFix log is as follows:-

All processes killed
========== OTL ==========
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
Registry value HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B24BA06E-FB7B-4757-95C2-DC01125F750E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:C:\Documents deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:and deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Settings\All deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Users\Application deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Data\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Software\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Utilities\WinStyler\tu_logonui.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce672c2-67bc-11dc-b1f7-009096300101}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce672c2-67bc-11dc-b1f7-009096300101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce672c2-67bc-11dc-b1f7-009096300101}\ not found.
C:\WINDOWS\system32\msls50.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2275:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\8478:TCP deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ME
->Temp folder emptied: 9407147 bytes
->Temporary Internet Files folder emptied: 15279707 bytes
->Java cache emptied: 13 bytes
->FireFox cache emptied: 14117079 bytes
->Opera cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 80012 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 798923 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTL by OldTimer - Version 3.1.20.2 log created on 01032010_085529

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_518.dat moved successfully.

Registry entries deleted on Reboot...


The rescan gave the following:

OTL logfile created on: 03/01/2010 09:00:53 - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.18 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 60.22 Gb Free Space | 40.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/03 08:54:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
PRC - [2009/12/22 17:33:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/22 15:33:03 | 06,222,312 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/03 03:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/14 00:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/28 10:13:35 | 00,380,928 | ---- | M] () -- C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE
PRC - [2006/03/25 11:35:58 | 00,360,448 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe


========== Modules (SafeList) ==========

MOD - [2010/01/03 08:54:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
MOD - [2006/03/25 11:35:58 | 00,057,344 | ---- | M] () -- C:\Program Files\Browser Mouse\mouDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/22 17:33:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/22 15:33:03 | 06,222,312 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/03/16 19:37:00 | 02,849,844 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/27 17:02:08 | 00,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/02/03 11:12:48 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985f05e04b7a4) Google Update Service (gupdate1c985f05e04b7a4)
SRV - [2008/06/03 03:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/06/02 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/02/27 16:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/30 16:30:39 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/22 15:33:04 | 00,047,408 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2009/12/22 15:33:04 | 00,030,280 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/12/22 15:33:04 | 00,024,496 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/11/24 23:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/09/09 17:07:36 | 04,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/03 06:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 18:40:58 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 18:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/09 14:38:30 | 00,031,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tileproxy.sys -- (Tileproxy)
DRV - [2007/11/16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 00,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/05/01 16:04:28 | 00,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0486.sys -- (SaiH0486)
DRV - [2007/03/08 22:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/07 23:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/21 12:05:56 | 00,021,376 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZT6688.sys -- (ZT6688)
DRV - [2006/10/12 13:49:51 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/09/06 06:12:34 | 00,006,784 | ---- | M] (Micro Innovations) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/01/04 17:46:10 | 00,011,136 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/29 17:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/28 21:04:04 | 00,044,032 | ---- | M] (Reality XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rxpvbus.sys -- (rxpvbus)
DRV - [2005/08/10 14:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 12:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/16 13:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/31 10:20:04 | 00,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/12/22 09:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2003/11/13 17:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/10 17:56:52 | 00,259,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV506AV.SYS -- (LV506AV) Logitech QuickCam Cordless(PID_0430)
DRV - [2002/12/10 17:52:02 | 00,035,328 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2002/11/18 15:51:40 | 00,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/06/10 14:21:02 | 00,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVBULK.sys -- (LVBulk)
DRV - [2002/06/10 07:24:38 | 00,220,079 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV551AV.sys -- (PID_0900_V) Logitech ClickSmart 310(PID_0900_V)
DRV - [2002/06/10 07:20:12 | 00,012,112 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC C3 3F 12 11 7C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.foxstart.com/?rls=en:uk:mb"
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 17:36:04 | 00,000,000 | ---D | M]

[2009/12/22 17:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Extensions
[2009/07/02 17:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2009/12/29 10:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\z0dxo51i.default\extensions
[2009/12/22 17:36:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 17:36:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2009/12/18 19:27:46 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/18 19:27:46 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/18 19:27:46 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/18 19:27:46 | 00,002,014 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxstart.xml
[2009/12/18 19:27:46 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = EF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 4818 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://129.210.52.139/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 16:33:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/03 08:55:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/03 08:54:38 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/12/26 17:22:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/24 10:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/12/22 17:33:56 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 17:33:56 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 17:33:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/22 17:33:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 17:33:56 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 15:27:43 | 00,053,136 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2009/12/22 15:27:42 | 00,047,408 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/22 15:27:42 | 00,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/12/22 15:27:41 | 00,024,496 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2009/12/22 15:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/12/22 15:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/12/22 14:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\RootkitBuster_2.80.1077
[2009/12/22 14:22:53 | 00,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\ME\Desktop\cwshredder.exe
[2009/12/22 14:19:49 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/21 10:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\PCI-8738-090401-8.17.34(XP3264-LO-01)
[2009/12/18 18:05:41 | 19,666,944 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\ME\Desktop\AirshowPilotDemo.exe
[2009/12/17 18:16:31 | 00,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2009/12/17 18:16:31 | 00,712,704 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll
[2009/12/17 18:16:31 | 00,377,358 | ---- | C] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys
[2009/12/17 18:16:31 | 00,032,768 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System32\cmnprop.dll
[2009/12/17 18:16:19 | 01,818,624 | ---- | C] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[2009/12/17 18:16:16 | 00,139,264 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\cmuninst.exe
[2009/12/16 17:42:39 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\TFC.exe
[2009/12/15 16:42:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Tific
[2009/12/15 16:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/15 16:42:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/13 16:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/13 16:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/13 16:41:54 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/13 16:41:53 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/13 16:41:52 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/13 16:41:51 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/13 16:41:50 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/13 16:41:50 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/13 16:41:50 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/13 16:41:50 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/13 16:41:32 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/13 16:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/13 16:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/12/13 15:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/12/13 14:37:39 | 00,407,680 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\ME\Desktop\aswclnr.exe
[2009/12/13 14:16:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/13 14:16:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/13 09:55:59 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/12/11 16:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/09 19:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Downloads
[2009/12/06 15:31:54 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\ME\Desktop\HousecallLauncher.exe
[2009/11/11 10:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/16 08:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/02 00:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/11 12:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/08 15:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/03 11:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/02/17 00:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/03/01 14:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/03/01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/03/01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

========== Files - Modified Within 30 Days ==========

[2010/01/03 09:00:03 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/03 08:57:15 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/03 08:57:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/03 08:56:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 08:55:52 | 15,466,496 | ---- | M] () -- C:\Documents and Settings\ME\ntuser.dat
[2010/01/03 08:55:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ME\ntuser.ini
[2010/01/03 08:55:37 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/03 08:54:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2010/01/01 14:35:07 | 00,100,352 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\BOURC English names.xls
[2010/01/01 10:19:51 | 16,602,852 | -H-- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2010/01/01 10:11:47 | 00,053,904 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/31 22:56:04 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\sr49g1z3.exe
[2009/12/31 17:28:37 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 17:24:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 20:50:23 | 00,042,767 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\jadwiga.jpg
[2009/12/23 16:45:37 | 03,282,260 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Tomos 061.jpg
[2009/12/22 17:33:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 17:33:44 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 17:33:44 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/22 17:33:44 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 17:33:44 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 15:33:05 | 00,053,136 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2009/12/22 15:33:04 | 00,047,408 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/22 15:33:04 | 00,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/12/22 15:33:04 | 00,024,496 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2009/12/22 15:32:55 | 00,000,161 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/22 14:22:53 | 00,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\ME\Desktop\cwshredder.exe
[2009/12/18 18:05:43 | 19,666,944 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\ME\Desktop\AirshowPilotDemo.exe
[2009/12/18 17:14:33 | 01,340,416 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Scrap.shs
[2009/12/18 09:28:30 | 00,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2009/12/18 09:18:30 | 00,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2009/12/17 18:20:50 | 00,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2009/12/17 18:20:50 | 00,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/12/17 18:19:34 | 14,298,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/17 18:19:34 | 00,706,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/17 18:19:34 | 00,193,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/17 18:19:34 | 00,067,244 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/17 13:02:04 | 00,007,433 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\message.png
[2009/12/16 17:42:39 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\TFC.exe
[2009/12/13 16:41:50 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/13 14:37:45 | 00,407,680 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\ME\Desktop\aswclnr.exe
[2009/12/13 12:13:22 | 00,001,941 | ---- | M] () -- C:\rollback.ini
[2009/12/09 10:23:57 | 00,523,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 10:23:57 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 10:23:57 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/06 15:32:27 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\housecall.guid.cache
[2009/12/06 15:32:00 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\ME\Desktop\HousecallLauncher.exe

========== Files Created - No Company Name ==========

[2100/02/16 16:09:06 | 00,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.INI
[2010/01/02 17:53:50 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/01 14:34:34 | 00,100,352 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\BOURC English names.xls
[2009/12/31 22:56:04 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\sr49g1z3.exe
[2009/12/23 20:50:17 | 00,042,767 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\jadwiga.jpg
[2009/12/23 16:45:36 | 03,282,260 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Tomos 061.jpg
[2009/12/17 18:26:21 | 00,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/12/17 18:16:20 | 00,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2009/12/17 18:16:20 | 00,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2009/12/17 13:02:04 | 00,007,433 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\message.png
[2009/12/13 16:41:32 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/13 09:30:41 | 00,001,941 | ---- | C] () -- C:\rollback.ini
[2009/12/12 20:54:22 | 14,298,400 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/12 20:54:22 | 00,706,080 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/12 20:54:22 | 00,193,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/12 20:54:22 | 00,067,244 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/06 15:32:27 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\housecall.guid.cache
[2009/11/11 22:20:02 | 00,258,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/27 15:42:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/17 11:42:53 | 00,004,820 | ---- | C] () -- C:\Program Files\qexdb.txt
[2009/06/26 14:20:31 | 00,000,048 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\mm-device-08.ini
[2009/06/26 14:20:12 | 00,000,597 | ---- | C] () -- C:\WINDOWS\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
[2008/12/20 10:00:14 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/10 10:15:04 | 00,000,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3dsignal_Winter Train_cfg
[2008/12/02 11:25:10 | 00,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2008/11/10 13:40:41 | 00,001,205 | ---- | C] () -- C:\WINDOWS\tbs_bna.ini
[2008/11/10 13:40:26 | 00,000,009 | ---- | C] () -- C:\WINDOWS\tbs_job.ini
[2008/11/10 13:40:24 | 00,002,324 | ---- | C] () -- C:\WINDOWS\tbs_quiz.ini
[2008/11/10 13:40:24 | 00,001,033 | ---- | C] () -- C:\WINDOWS\tbs_juke.ini
[2008/11/10 13:40:24 | 00,000,009 | ---- | C] () -- C:\WINDOWS\tbs_tbh.ini
[2008/11/10 13:40:22 | 00,000,801 | ---- | C] () -- C:\WINDOWS\tbs_bows.ini
[2008/11/10 13:40:19 | 00,000,744 | ---- | C] () -- C:\WINDOWS\tbs_ss.ini
[2008/11/10 13:40:15 | 00,000,040 | ---- | C] () -- C:\WINDOWS\tbs_menu.ini
[2008/08/24 15:13:32 | 01,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2008/08/09 12:13:12 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\A09E64B1A5.dll
[2008/07/04 18:16:43 | 00,001,346 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/04/24 09:45:44 | 00,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/04/23 13:28:32 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\SAS7_000.DAT
[2008/04/21 14:12:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/05 15:35:00 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCP1.ini
[2008/04/05 09:46:32 | 00,004,810 | ---- | C] () -- C:\WINDOWS\System32\Mapx16w6.dll
[2008/03/10 18:10:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/03/09 14:27:57 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2008/03/01 20:41:49 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/20 21:26:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/20 21:26:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/01/20 21:26:14 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/20 21:21:06 | 03,109,376 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/20 21:21:06 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/20 21:21:04 | 00,507,392 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/01/20 21:21:04 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/01/20 21:21:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/01/20 21:21:04 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/01/20 21:21:04 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/01/20 21:21:04 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/01/20 21:21:04 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/20 21:21:04 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/01/20 21:21:04 | 00,081,408 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/01/20 21:21:04 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/01/20 21:21:04 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/01/20 21:21:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/01/20 21:21:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/01/20 21:07:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/01 00:00:00 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/01/01 00:00:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/31 18:19:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007/12/31 18:17:18 | 00,028,179 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2007/12/31 18:17:18 | 00,003,360 | R--- | C] () -- C:\WINDOWS\cmiainfo.sys
[2007/12/31 18:17:17 | 00,018,287 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2007/12/31 18:17:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/12/31 18:17:10 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/12/29 00:04:02 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/12/29 00:04:00 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/12/29 00:03:56 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/12/29 00:03:48 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/12/29 00:03:48 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/12/29 00:03:46 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/12/29 00:03:46 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/12/29 00:03:40 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/12/29 00:03:38 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/12/29 00:03:34 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/12/29 00:03:34 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/07/23 11:40:54 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\setup.txt
[2007/06/28 18:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/01 16:04:28 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_11.dll
[2007/02/26 15:13:34 | 06,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2007/02/26 15:13:34 | 00,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2007/02/26 15:13:32 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2006/12/07 18:43:58 | 00,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/06 21:30:55 | 00,000,403 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/06 15:23:12 | 00,000,282 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/11/06 14:30:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/26 15:56:00 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/10/26 15:55:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/08/02 16:50:59 | 00,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/06/07 08:23:18 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\GPLPatchDLL.dll
[2006/03/28 10:51:48 | 00,000,535 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2006/03/28 10:48:36 | 00,001,630 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2006/03/28 10:41:55 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/03/28 10:41:39 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/03/28 10:41:39 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/03/28 10:41:39 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/03/28 10:41:39 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/03/28 10:41:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/03/28 10:41:39 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/03/28 10:41:39 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/03/28 10:41:38 | 01,572,864 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2006/03/28 10:41:38 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/03/28 10:41:38 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/03/28 10:41:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/03/28 10:41:38 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/03/28 10:41:38 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/03/28 10:41:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/03/04 20:18:41 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/02/24 14:22:22 | 00,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.DLL
[2006/02/21 22:16:01 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/19 17:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/19 11:05:35 | 00,159,232 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/18 00:00:45 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/02/17 23:59:49 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2006/02/17 23:59:49 | 00,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2006/02/17 23:59:49 | 00,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2006/02/17 23:59:49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2006/02/17 22:25:04 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/02/17 21:29:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/17 21:10:23 | 00,005,187 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/02/17 21:06:57 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\fusioncache.dat
[2006/01/17 18:08:10 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0402.dll
[2006/01/17 18:08:08 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0C.dll
[2006/01/17 18:08:08 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_10.dll
[2006/01/17 18:08:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_0A.dll
[2006/01/17 18:08:06 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_09.dll
[2006/01/17 18:08:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486_07.dll
[2006/01/17 18:01:14 | 01,925,120 | ---- | C] () -- C:\WINDOWS\System32\SaiC0486.Dll
[2005/11/30 17:23:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 17:12:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 17:12:36 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 17:12:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 17:12:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 17:12:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 17:12:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 17:12:24 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 17:02:14 | 00,000,826 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 16:35:24 | 00,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 01:04:01 | 00,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2005/08/31 07:42:24 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\dfltchk2.dll
[2005/08/28 21:04:04 | 00,001,257 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2005/02/05 19:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/03/26 21:49:10 | 04,055,040 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2003/07/15 00:57:20 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\flt1chk2.dll
[2002/09/19 03:40:16 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/09/19 03:13:13 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxboBCE.DLL
[2002/09/19 03:13:11 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxboICO.DLL
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/06/11 08:34:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kui.dll
[2002/06/11 08:33:54 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kpm.dll
[2002/06/07 12:59:15 | 00,000,194 | ---- | C] () -- C:\WINDOWS\X84-X85_DS.ini
[2001/08/24 19:17:59 | 00,001,369 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2000/10/24 09:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/03/22 01:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:562E6495
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
< End of report >

The Extras.txt was as follows:-

OTL Extras logfile created on: 03/01/2010 09:00:53 - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.18 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 60.22 Gb Free Space | 40.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ME
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"8000:UDP" = 8000:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"3389:TCP" = 3389:TCP:*:Disabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Bridge Base Online\NetBridgeVu.exe" = C:\Bridge Base Online\NetBridgeVu.exe:*:Enabled:Bridge Base Online -- ()
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\GPL 2004 DEMO\gpl.exe" = C:\Program Files\GPL 2004 DEMO\gpl.exe:*:Disabled:Grand Prix Legends -- (Sierra On-Line Inc.
Bellevue, WA 98007)
"C:\Program Files\Tesco internet phone\TescoIP.exe" = C:\Program Files\Tesco internet phone\TescoIP.exe:*:Disabled:TescoIP -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\GPL 2004 DEMO\gplc66.exe" = C:\Program Files\GPL 2004 DEMO\gplc66.exe:*:Disabled:Grand Prix Legends -- (Sierra On-Line Inc.
Bellevue, WA 98007)
"C:\Program Files\GPLSecrets\iGOR\iGOR.exe" = C:\Program Files\GPLSecrets\iGOR\iGOR.exe:*:Disabled:iGOR -- ()
"C:\Documents and Settings\ME\Desktop\RarSFX0\iGOR\iGOR.exe" = C:\Documents and Settings\ME\Desktop\RarSFX0\iGOR\iGOR.exe:*:Disabled:iGOR -- ()
"C:\Program Files\VROC\WinVROC\WinVROC.exe" = C:\Program Files\VROC\WinVROC\WinVROC.exe:*:Disabled:Main WinVROC Module -- (Lawrence L. Holbert)
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corp.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Disabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Memory-Map\OS-5\showmmcrypt.exe" = C:\Program Files\Memory-Map\OS-5\showmmcrypt.exe:*:Disabled:License-Managed Data Viewer -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Disabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Memory-Map\OS-5\MMNav.exe" = C:\Program Files\Memory-Map\OS-5\MMNav.exe:*:Disabled:Memory-Map -- (Memory-Map, Inc)
"C:\Program Files\Memory-Map\OS-5\mm3d.exe" = C:\Program Files\Memory-Map\OS-5\mm3d.exe:*:Disabled:Memory-Map 3D -- (Memory-Map, Inc)
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Disabled:VoipBuster -- (VoipBuster)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08E4AE58-748D-4983-9B8A-495E2341769F}" = Garmin POI Loader
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{2FD177C0-A752-11DC-8314-0800200C9A66}" = Windows Live SkyDrive Upload Tool
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784E6B0F-00EC-4950-95A2-BBA64F44EC48}" = Camtasia Studio 5
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel® Network Connections 12.4.38.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C4EADB1-43EC-44CE-8C06-897785D5B9DF}" = VFR Real Scenery vol3 demo
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98FDC595-92B3-48D5-80D6-FE7AABD9191B}_is1" = Weather Watcher Live
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}" = Memory-Map OS Edition Version 5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56D25A0-1316-4255-AB45-1147C9D01C5E}" = Aerosoft's - MonacoX
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D52B286A-BB3A-436B-A41A-8E1475DE5E06}" = Abacus Fighter Pilot 2 for FSX
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}" = RssReader
"{DA46AA5F-4934-4DAC-94E4-7D84AD9A4090}" = Project Canarias 2006
"{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}" = Saitek SD6 Programming Software 6.0.10.7
"{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E54F101A-F272-4ADE-B095-296121486D68}" = Quo v2
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1608947-B8A4-4D65-A7B8-8B1D669C0E2C}" = SnagIt 7
"{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB7BCC-FD7D-43DF-8AA2-6A58EE775B58}" = Platinum Collection Piaggio Avanti for FSX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"22ea8256-5069-404e-8b08-af0c3889380e_is1" = Tesco Internet Phone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Alarm_is1" = Alarm 2.0.4
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Photo Optimizer 2_is1" = Ashampoo Photo Optimizer 2.00
"ATI Display Driver" = ATI Display Driver
"AutoSizer" = AutoSizer
"avast!" = avast! Antivirus
"AXIS Media Control" = AXIS Media Control
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Bink and Smacker" = Bink and Smacker
"Branding" =
"Bridge Squeezes Complete" = Bridge Squeezes Complete
"Bridge_Base_Online" = Bridge Base Online
"Bridge_Base_Online_Update_-_November_2008" = Bridge Base Online Update - November 2008
"Browser Mouse" = Browser Mouse
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Connection Manager" =
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FLVPlayer" = FLV Player 1.3.3
"FS2004 EGNL Walney Island Airfield" = FS2004 EGNL Walney Island Airfield
"Game Booster_is1" = Game Booster
"GPL 2004 DEMO" = GPL 2004 DEMO
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield Uninstall Information" =
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Jeff's Birding Database v3.2" = Jeff's Birding Database v3.2
"Kantar's Test Your Play" = Kantar's Test Your Play
"LFRD2004 St-Malo Dinard Pleurtuit" = LFRD2004 St-Malo Dinard Pleurtuit
"LimeWire" = LimeWire PRO 4.14.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maps2Bgl_X_is1" = Maps2Bgl 2.6 Beta FSX-Version
"Media Player - Codec Pack" = Media Player Codec Pack 2.1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Multimedia Keyboard" = Multimedia Keyboard
"My_Favorite_52_Demo_Version_By_Larry_Cohen" = My Favorite 52 Demo Version By Larry Cohen
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"OpenAL" = OpenAL
"PCHealth" =
"PCI Audio Driver" = PCI Audio Driver
"PCSI" = Prevx
"Project Canarias 2006" =
"QcDrv" = Logitech Camera Driver
"RadarSync" = RadarSync
"RealAlt_is1" = Real Alternative 1.52
"Recordpad" = Recordpad
"rFactor" = rFactor (remove only)
"Songbird-release-1146" = Songbird 1.2.0 (Build 1146)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Spotify" = Spotify
"ST6UNST #1" = GPL Race Engineer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Talk" = Express Talk
"Tesco internet phone_is1" = Tesco internet phone
"The Tracker! Ver. 3.0" = The Tracker! Ver. 3.0
"TileProxy" = The TileProxy Project for Microsoft FSX/2004/2002
"ToolBox" = NCH Toolbox
"Valex AC3-DTS codec" = Valex AC3-DTS codec (remove only)
"VLC media player" = VLC media player 0.9.8
"VoipBuster_is1" = VoipBuster
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"WinVROC" = WinVROC
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"EGCW Welshpool" = EGCW Welshpool
"EGNL Barrow - Walney Island" = EGNL Barrow - Walney Island
"EGSC Cambridge" = EGSC Cambridge
"EGSH Norwich Airport" = EGSH Norwich Airport
"RAF Shawbury, Ternhill and EGCV Sleap" = RAF Shawbury, Ternhill and EGCV Sleap

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/01/2010 07:13:20 | Computer Name = ME | Source = ESENT | ID = 455
Description = wuaueng.dll (3392) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/01/2010 07:13:30 | Computer Name = ME | Source = ESENT | ID = 489
Description = wuauclt (3436) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 01/01/2010 07:13:30 | Computer Name = ME | Source = ESENT | ID = 455
Description = wuaueng.dll (3436) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/01/2010 07:13:40 | Computer Name = ME | Source = ESENT | ID = 489
Description = wuauclt (3436) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 01/01/2010 07:13:40 | Computer Name = ME | Source = ESENT | ID = 455
Description = wuaueng.dll (3436) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/01/2010 07:13:51 | Computer Name = ME | Source = ESENT | ID = 489
Description = wuauclt (3500) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 01/01/2010 07:13:51 | Computer Name = ME | Source = ESENT | ID = 455
Description = wuaueng.dll (3500) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/01/2010 07:14:01 | Computer Name = ME | Source = ESENT | ID = 489
Description = wuauclt (3500) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 01/01/2010 07:14:01 | Computer Name = ME | Source = ESENT | ID = 455
Description = wuaueng.dll (3500) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/01/2010 07:14:02 | Computer Name = ME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80248011, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 26/12/2009 13:38:39 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 26/12/2009 13:38:40 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 28/12/2009 07:22:14 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 28/12/2009 07:22:15 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 28/12/2009 11:41:58 | Computer Name = ME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001AEE0048E2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/12/2009 11:42:14 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 28/12/2009 11:42:15 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd

Error - 29/12/2009 00:15:39 | Computer Name = ME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001AEE0048E2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 29/12/2009 00:15:54 | Computer Name = ME | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 29/12/2009 00:15:55 | Computer Name = ME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd sptd


< End of report >

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 January 2010 - 05:42 PM

Why do I see this in your scans please 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory?


This is telling you the amount of RAM installed (2 GB) and how much of it is available (1 GB).

I have no idea about your IE issue; it does sound strange. I have never heard of that problem before. You may want to ask about this in the XP forum when we are done here.

I would like to see one more scan then you can go ahead and do any clean up or defrag.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Kaspersky report
  • New DDS log
Thanks



#9 freedie

freedie

  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 05 January 2010 - 12:49 AM

Hi again syler.

All looking very good now! The only problem I have now is a svchost.exe exception every time I close down. This had existed before the virus problem began and is still present (sometimes?).

The good news files are as follows:-

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 5, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, January 04, 2010 06:40:41
Records in database: 3360417
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 1754914
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 22:10:25


File name / Threat / Threats count
D:\Downloads\DAEMON Tools 4.0.6\daemon406-x64.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Downloads\DAEMON Tools 4.0.6\daemon406-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Downloads\daemon408-x86\daemon408-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Downloads\daemon408-x86.rar Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Downloads\WW5617SETUP2.EXE Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

Selected area has been scanned.



DDS (Ver_09-12-01.01) - NTFSx86
Run by ME at 5:38:50.47 on 05/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1411 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 100104-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Keyboard\KbdAp32A.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\ME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
mRun: [FLMK08KB] c:\program files\multimedia keyboard\KbdAp32A.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://129.210.52.139/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\z0dxo51i.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:mb
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-13 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-13 138680]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-13 352920]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2006-1-4 11136]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2007-10-12 220079]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032]
R3 ZT6688;ZT6688 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ZT6688.sys [2008-3-10 21376]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ensqio;ensqio;c:\windows\system32\drivers\ensqio.sys --> c:\windows\system32\drivers\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\drivers\sbpcint4.sys --> c:\windows\system32\drivers\sbpcint4.sys [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\me\locals~1\temp\cpuz_x32.sys --> c:\docume~1\me\locals~1\temp\cpuz_x32.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);c:\windows\system32\drivers\LV506AV.SYS [2006-2-18 259584]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\241.tmp --> c:\windows\system32\241.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH0486;SaiH0486;c:\windows\system32\drivers\SaiH0486.sys [2006-1-17 132232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 Tileproxy;Tileproxy;c:\windows\system32\drivers\tileproxy.sys [2008-3-9 31616]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2100-02-16 16:09:06 62 -c--a-w- c:\windows\system32\LXBOUSCI.INI
2010-01-03 15:28:48 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-03 15:28:48 1409 ----a-w- c:\windows\QTFont.for
2010-01-03 11:11:02 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-01-03 11:11:02 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-01-03 08:55:29 0 d-----w- C:\_OTL
2009-12-26 17:22:20 0 dc-h--w- c:\windows\ie8
2009-12-22 17:33:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-22 17:33:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 14:19:49 0 d-----w- c:\program files\TrendMicro
2009-12-17 18:26:21 101 ----a-w- c:\windows\CMMIXER.INI
2009-12-17 18:16:31 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-12-17 18:16:31 712704 ----a-w- c:\windows\system32\Audio3D.dll
2009-12-17 18:16:31 377358 ----a-w- c:\windows\system32\drivers\cmaudio.sys
2009-12-17 18:16:31 32768 ----a-w- c:\windows\system32\cmnprop.dll
2009-12-17 18:16:20 39104 ----a-w- c:\windows\cmijack.dat
2009-12-17 18:16:20 22178 ----a-w- c:\windows\cmaudio.dat
2009-12-17 18:16:19 1818624 ----a-w- c:\windows\mixer.exe
2009-12-17 18:16:16 139264 ----a-w- c:\windows\cmuninst.exe
2009-12-15 16:42:51 0 d-----w- c:\docume~1\me\applic~1\Tific
2009-12-15 16:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-15 16:42:30 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-13 16:21:36 0 d-----w- c:\program files\Enigma Software Group
2009-12-13 15:14:26 0 d-----w- c:\program files\Sophos
2009-12-13 09:30:41 1941 ----a-w- C:\rollback.ini
2009-12-12 20:54:22 706080 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-12 20:54:22 67244 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-12 20:54:22 193568 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-12 20:54:22 14298400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 16:38:55 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2009-12-30 14:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 14:54:58 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 14:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-07-17 11:42:53 4820 -c--a-w- c:\program files\qexdb.txt
2006-03-29 14:50:37 61 -csh--w- c:\windows\cnerolf.dat
2008-08-09 12:14:18 80 -csh--r- c:\windows\system32\A09E64B1A5.dll
2009-02-27 17:57:53 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022720090228\index.dat

============= FINISH: 5:39:35.47 ===============


#10 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 January 2010 - 01:31 AM

Hello freedie,

Your logs look ok but I would just like to have a look with another tool.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#11 freedie
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 05 January 2010 - 06:55 AM

Well syler .. this is just fantastic. PC is as I remember it before my December problems (even with the same old fault ... will try a different section for that!).

Here is the ComboFix.txt:-

ComboFix 10-01-04.01 - ME 05/01/2010 11:32:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1523 [GMT 0:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ME\Application Data\Messenger
c:\recycler\S-1-5-21-959953628-961672200-4061147283-1003
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\geyekrutnsdlpc.dat
c:\windows\system32\libmplayer.dll
c:\windows\system32\UACeoemdjnjeurbyikpf.db
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 05:47 . 2010-01-05 05:47 -------- d-----w- c:\documents and settings\ME\Application Data\Yahoo!
2010-01-03 11:11 . 2003-06-25 16:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-12-26 17:51 . 2009-12-26 17:51 52224 ----a-w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 17:22 . 2009-12-26 17:23 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:15 . 2009-12-24 10:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-22 17:33 . 2009-12-22 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 17:33 . 2009-12-22 17:33 152576 ----a-w- c:\documents and settings\ME\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 17:32 . 2009-12-22 17:32 79488 ----a-w- c:\documents and settings\ME\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 14:19 . 2009-12-22 14:19 388096 ----a-r- c:\documents and settings\ME\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-22 14:19 . 2009-12-22 14:19 -------- d-----w- c:\program files\TrendMicro
2009-12-17 18:16 . 2002-11-18 15:51 377358 ----a-w- c:\windows\system32\drivers\cmaudio.sys
2009-12-17 18:16 . 2002-10-09 09:38 32768 ----a-w- c:\windows\system32\cmnprop.dll
2009-12-17 18:16 . 2001-11-23 12:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2009-12-17 18:16 . 2000-10-20 18:28 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-12-17 18:16 . 2002-11-19 15:46 39104 ----a-w- c:\windows\cmijack.dat
2009-12-17 18:16 . 2002-11-19 15:43 22178 ----a-w- c:\windows\cmaudio.dat
2009-12-17 18:16 . 2002-10-15 18:00 1818624 ----a-w- c:\windows\mixer.exe
2009-12-17 18:16 . 2002-07-11 11:24 139264 ----a-w- c:\windows\cmuninst.exe
2009-12-16 18:20 . 2009-12-26 17:51 117760 ----a-w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-15 16:42 . 2009-12-15 16:42 -------- d-----w- c:\documents and settings\ME\Application Data\Tific
2009-12-15 16:42 . 2009-12-16 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-15 16:42 . 2009-12-15 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-13 16:41 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-13 16:41 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-13 16:41 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-13 16:41 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-13 16:41 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-13 16:41 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-13 16:41 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-13 16:41 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-13 16:41 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-13 16:41 . 2009-12-13 16:41 -------- d-----w- c:\program files\Alwil Software
2009-12-13 16:21 . 2009-12-13 16:21 -------- d-----w- c:\program files\Enigma Software Group
2009-12-13 15:14 . 2009-12-13 15:14 -------- d-----w- c:\program files\Sophos
2009-12-12 20:54 . 2009-12-17 18:19 706080 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-12 20:54 . 2009-12-17 18:19 14298400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 16:38 . 2009-12-13 11:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 06:17 . 2009-03-01 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-01-05 06:16 . 2009-03-30 09:16 -------- d-----w- c:\program files\PCPitstop
2010-01-04 06:13 . 2008-05-07 09:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-03 08:55 . 2009-11-11 22:20 258688 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-03 08:39 . 2008-09-01 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 08:36 . 2009-01-07 08:12 5061520 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 10:11 . 2006-02-17 21:06 53904 -c--a-w- c:\documents and settings\ME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 14:55 . 2008-09-01 16:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 14:54 . 2008-09-01 16:46 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 17:09 . 2008-03-28 13:11 -------- d-----w- c:\program files\Axis Communications
2009-12-26 15:53 . 2009-11-11 16:39 -------- d-----w- c:\program files\Uniblue
2009-12-26 15:40 . 2009-11-11 16:40 -------- d-----w- c:\documents and settings\ME\Application Data\uniblue
2009-12-25 20:21 . 2006-02-22 16:05 -------- d-----w- c:\documents and settings\ME\Application Data\Skype
2009-12-25 18:19 . 2008-03-01 20:41 -------- d-----w- c:\documents and settings\ME\Application Data\skypePM
2009-12-22 17:33 . 2006-03-03 12:05 -------- d-----w- c:\program files\Java
2009-12-22 10:36 . 2009-09-21 13:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 10:36 . 2009-09-21 13:02 38784 ----a-w- c:\documents and settings\ME\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 16:02 . 2006-03-21 11:12 -------- d-----w- c:\program files\Lavasoft
2009-12-20 16:02 . 2008-03-18 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-17 18:19 . 2009-12-12 20:54 67244 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-17 18:19 . 2009-12-12 20:54 193568 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-16 18:19 . 2009-08-07 08:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 18:19 . 2009-08-07 08:10 -------- d-----w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com
2009-12-16 18:18 . 2006-02-26 18:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-16 13:33 . 2009-07-22 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Entriq
2009-12-15 16:53 . 2006-02-17 21:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-12 10:38 . 2008-07-29 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-12-11 17:35 . 2006-03-21 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-03 16:38 . 2009-08-28 23:14 -------- d-----w- c:\program files\Dabrisoft
2009-11-29 16:13 . 2009-06-05 12:43 -------- d-----w- c:\documents and settings\ME\Application Data\Quo2
2009-11-29 16:04 . 2009-08-11 14:35 -------- d-----w- c:\documents and settings\ME\Application Data\Spotify
2009-11-29 15:34 . 2009-07-02 17:08 -------- d-----w- c:\program files\Songbird
2009-11-24 15:55 . 2008-12-24 11:45 -------- d-----w- c:\program files\Incomplete
2009-11-21 15:51 . 2005-11-30 01:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 13:05 . 2009-11-13 13:05 -------- d-----w- c:\program files\Just Flight
2009-11-13 13:05 . 2005-11-30 17:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 10:38 . 2009-11-13 10:38 -------- d-----w- c:\program files\roadhawk
2009-11-12 09:29 . 2009-07-28 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-02 20:42 . 2009-10-03 17:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2005-11-30 01:04 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 18:17 . 2009-10-28 18:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-21 05:38 . 2005-11-30 01:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-11-30 01:04 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-11-30 01:04 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-11-30 01:04 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-11-30 01:04 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 14:57 . 2007-10-09 13:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57 . 2005-11-30 01:04 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56 . 2005-11-30 01:04 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-07-17 11:42 . 2009-07-17 11:42 4820 -c--a-w- c:\program files\qexdb.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-29 14:50 . 2006-03-29 14:50 61 -csh--w- c:\windows\cnerolf.dat
2008-08-09 12:14 . 2008-08-09 12:13 80 -csh--r- c:\windows\system32\A09E64B1A5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Multimedia Keyboard\KbdAp32A.exe" [2006-03-28 380928]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2006-03-25 360448]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"PC Pitstop Optimize Reminder"="c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe" [2009-06-10 205552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-11 16:54 321344 -c--a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 01:01 437160 -c--a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 08:01 133104 -c--atw- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-03 13:42 401491 -c--a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
2009-03-08 14:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outlook Express]
2008-04-14 00:12 60416 -c--a-w- c:\program files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-07 17:16 282624 -c--a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco]
2009-07-09 09:07 7801344 -c--a-w- c:\program files\Tesco internet phone\TescoIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Bridge Base Online\\NetBridgeVu.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\GPL 2004 DEMO\\gpl.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Tesco internet phone\\TescoIP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GPL 2004 DEMO\\gplc66.exe"=
"c:\\Program Files\\GPLSecrets\\iGOR\\iGOR.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\RarSFX0\\iGOR\\iGOR.exe"=
"c:\\Program Files\\VROC\\WinVROC\\WinVROC.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\showmmcrypt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\MMNav.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\mm3d.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/12/2009 16:41 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 16:41 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [04/01/2006 17:46 11136]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [12/10/2007 12:17 220079]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [28/08/2005 21:04 44032]
R3 ZT6688;ZT6688 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ZT6688.sys [10/03/2008 17:03 21376]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys --> c:\windows\system32\DRIVERS\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys --> c:\windows\system32\DRIVERS\sbpcint4.sys [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\ME\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ME\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);c:\windows\system32\drivers\LV506AV.SYS [18/02/2006 00:00 259584]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\241.tmp --> c:\windows\system32\241.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH0486;SaiH0486;c:\windows\system32\drivers\SaiH0486.sys [17/01/2006 17:48 132232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 Tileproxy;Tileproxy;c:\windows\system32\drivers\tileproxy.sys [09/03/2008 14:38 31616]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 11:12 133104]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [30/12/2009 14:14 90352]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
IE: E&xport to Microsoft Excel
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\ME\Application Data\Mozilla\Firefox\Profiles\z0dxo51i.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:mb
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\ME\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\241.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3069503073-2611073265-3339622535-1007)
@Allowed: (Read) (S-1-5-21-3069503073-2611073265-3339622535-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\S@wlr \SVu3@\Ji*n*d@w3@ SVu*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"UniqueID"="{2D37C6C9-565C-4CB1-9790-09708DA3F887}"
"ComputerName"="ME"
"VolumeSerialNumber"=dword:34a91d3a
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-05 11:40:34
ComboFix-quarantined-files.txt 2010-01-05 11:40

Pre-Run: 99,417,526,272 bytes free
Post-Run: 99,805,171,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut /TUTag=P4ZFQO

- - End Of File - - 48C450EE0ADE43B3C62F41612BCCCF9C

By the way, I also found this file when seeking the above. It has only just been created and is in a ComboFix folder on c:
It is called mbr.txt and reads as follows:-

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> sfsync02.sys @ 0xba0e98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

My guess is that combofix found this file and resaved it?

Thank you again for all your help syler.
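The "SERVICES / DRIVERS" listings in the DDS log earlier in the thread and in the ComboFix log just above share one line format, and it is worth knowing how to read it: the `[?]` suffix means the tool could not find the binary on disk, the `-->` form shows the path as the tool resolved it, and the path itself tells you where a driver is loading from. The script below is an added example written for this page; it is not part of DDS, ComboFix or the thread. It parses that line format and flags entries loading from a temp directory, carrying a `.tmp` extension or sitting in the drive root, which are the kinds of entries the response team later scripts out, while treating a merely missing binary as a stale uninstall leftover rather than a finding. The sample lines are copied from the DDS listing above; the classification rules and the labels are the example's own.

```python
"""Triage of the 'SERVICES / DRIVERS' lines that DDS and ComboFix print.
Added example for this page; it is not part of either tool or of the thread.
Sample lines are copied from the DDS listing above."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# "R1 name;display;path [date size]"  or  "S3 name;display;orig --> resolved [?]"
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*$")          # "[2009-12-13 114768]" or "[?]"
PATH_RE = re.compile(r"(.*?\.\w+)(?:\s.*)?$")          # path up to first extension, drop args
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")
MISSING = "binary not found on disk"


@dataclass
class ServiceEntry:
    state: str            # R = running, S = stopped (as printed by the tool)
    start: int            # start-type digit: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str            # resolved binary path, NT prefix and arguments stripped
    missing: bool         # True when the line ends in [?]
    reasons: list[str] = field(default_factory=list)


def parse_line(line: str) -> ServiceEntry | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    if " --> " in rest:                       # keep the form the tool resolved to
        rest = rest.split(" --> ", 1)[1]
    image = TRAILER_RE.sub("", rest)
    if image.startswith("\\??\\"):            # NT object-manager path prefix
        image = image[4:]
    pm = PATH_RE.match(image)
    if pm:
        image = pm.group(1)
    return ServiceEntry(state, int(start), name, display, image, missing)


def assess(e: ServiceEntry) -> ServiceEntry:
    """Attach review reasons. Only location-based reasons make an entry
    'suspicious'; a missing binary on its own is usually an uninstall leftover."""
    p = e.image.lower()
    if e.missing:
        e.reasons.append(MISSING)
    if any(t in p for t in TEMP_DIRS):
        e.reasons.append("loaded from a temp directory")
    if p.endswith(".tmp"):
        e.reasons.append("driver image with .tmp extension")
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        e.reasons.append("binary sits in the drive root")
    return e


def classify(e: ServiceEntry) -> str:
    if any(r != MISSING for r in e.reasons):
        return "suspicious"
    return "stale" if e.missing else "ok"


def triage(log: str) -> list[ServiceEntry]:
    return [assess(e) for e in map(parse_line, log.splitlines()) if e]


# Lines copied verbatim from the DDS listing in this thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-13 114768]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\me\locals~1\temp\cpuz_x32.sys --> c:\docume~1\me\locals~1\temp\cpuz_x32.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\241.tmp --> c:\windows\system32\241.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{classify(e):10} {e.name:24} {e.image}  {'; '.join(e.reasons)}")
```

Run against the sample, cpuz128, huadio and MEMSWEEP2 come out as suspicious, Lbd and npggsvc as stale (binary gone, nothing odd about the path), and the two avast/Google entries as ok. A "suspicious" verdict is a prompt to look at the file and the service key, not proof of infection; CPU-Z, for instance, legitimately drops its driver in %TEMP%.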

#12 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 January 2010 - 06:13 PM

Glad to hear it's running better :(
  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.

cmd /c mbr -t& start mbr.log

  • A file called mbr.log will pop up please post the contents in your reply.


#13 freedie
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 06 January 2010 - 09:57 AM

Worryingly? It reads as follows:-

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

Hope you can fix this er, if it needs fixing?

Thx again syler
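Added example (not from the thread and not Gmer's code): a small parser that turns the mbr.exe output posted above into a structured verdict, so that the "user & kernel MBR OK" line is not read as a clean result when the tool also flags a hidden MBR copy and code in later sectors. The expected-module table and the 512-byte sector size are assumptions made for this example.

```python
# Added example (not part of the thread, and not Gmer's code): parse the output of
# Gmer's "Stealth MBR rootkit/Mebroot/Sinowal detector" (mbr.exe) into a verdict.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: the mbr.log posted above, pasted here so the example runs offline.
SAMPLE_LOG = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
"""

# Lines of the form "\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28" in the hooks section.
HOOK_RE = re.compile(r"^\\Driver\\(\S+)\s+->\s+(\S+)\s+@\s+(0x[0-9A-Fa-f]+)$")
SECTOR_RES = {
    "mbr_copy_sector": re.compile(r"copy of MBR has been found in sector (0x[0-9A-Fa-f]+)"),
    "malicious_sector": re.compile(r"malicious code @ sector (0x[0-9A-Fa-f]+)"),
    "pe_sector": re.compile(r"PE file found in sector at (0x[0-9A-Fa-f]+)"),
}
# Module that normally services each driver object's dispatch routines. This table
# is an assumption made for this example (stock XP stack), not something the tool emits.
EXPECTED_MODULE = {"Disk": "CLASSPNP.SYS", "ACPI": "ACPI.sys", "atapi": "atapi.sys"}
SECTOR_BYTES = 512  # assumed sector size for the byte-offset helper


@dataclass
class MbrReport:
    mbr_ok: bool = False
    called_modules: List[str] = field(default_factory=list)
    driver_hooks: List[Tuple[str, str, int]] = field(default_factory=list)
    mbr_copy_sector: Optional[int] = None
    malicious_sector: Optional[int] = None
    pe_sector: Optional[int] = None

    def foreign_hooks(self) -> List[Tuple[str, str, int]]:
        """Hooks where a driver's dispatch points into a module other than its own."""
        return [h for h in self.driver_hooks
                if EXPECTED_MODULE.get(h[0], "").lower() != h[1].lower()]

    def verdict(self) -> str:
        # "user & kernel MBR OK" only means sector 0 reads the same from user and
        # kernel mode. A backup MBR plus code in later sectors is what the tool
        # reports for Mebroot/Sinowal, so those findings outrank the OK line.
        if self.malicious_sector is not None or self.pe_sector is not None:
            return "infected"
        if self.foreign_hooks():
            return "suspicious"
        return "clean" if self.mbr_ok else "unknown"


def parse_mbr_log(text: str) -> MbrReport:
    """Walk the log line by line and fill in the report fields it mentions."""
    report = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line == "user & kernel MBR OK":
            report.mbr_ok = True
        elif line.startswith("called modules:"):
            report.called_modules = line.split(":", 1)[1].split()
        elif (m := HOOK_RE.match(line)):
            report.driver_hooks.append((m.group(1), m.group(2), int(m.group(3), 16)))
        else:
            for attr, rx in SECTOR_RES.items():
                if (m := rx.search(line)):
                    setattr(report, attr, int(m.group(1), 16))
    return report


def sector_offset_bytes(sector: int) -> int:
    """Byte offset on disk of a sector number, for locating the flagged region."""
    return sector * SECTOR_BYTES


if __name__ == "__main__":
    rep = parse_mbr_log(SAMPLE_LOG)
    print("verdict:", rep.verdict())  # infected
    if rep.malicious_sector is not None:
        print("malicious code at byte offset", sector_offset_bytes(rep.malicious_sector))
```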

#14 syler

Posted 06 January 2010 - 02:44 PM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\qexdb.txt
c:\windows\cnerolf.dat
Driver::
cpuz128
MEMSWEEP2

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#15 freedie

Posted 07 January 2010 - 05:21 AM

OK syler; here it is:-

ComboFix 10-01-04.01 - ME 07/01/2010 9:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1569 [GMT 0:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ME\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100106-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\qexdb.txt"
"c:\windows\cnerolf.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\qexdb.txt
c:\windows\cnerolf.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ128
-------\Legacy_MEMSWEEP2
-------\Service_cpuz128
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-05 05:47 . 2010-01-05 05:47 -------- d-----w- c:\documents and settings\ME\Application Data\Yahoo!
2010-01-03 11:11 . 2003-06-25 16:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-12-26 17:22 . 2009-12-26 17:23 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:15 . 2009-12-24 10:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-22 17:33 . 2009-12-22 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 14:19 . 2009-12-22 14:19 -------- d-----w- c:\program files\TrendMicro
2009-12-17 18:16 . 2002-11-18 15:51 377358 ----a-w- c:\windows\system32\drivers\cmaudio.sys
2009-12-17 18:16 . 2002-10-09 09:38 32768 ----a-w- c:\windows\system32\cmnprop.dll
2009-12-17 18:16 . 2001-11-23 12:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2009-12-17 18:16 . 2000-10-20 18:28 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-12-17 18:16 . 2002-11-19 15:46 39104 ----a-w- c:\windows\cmijack.dat
2009-12-17 18:16 . 2002-11-19 15:43 22178 ----a-w- c:\windows\cmaudio.dat
2009-12-17 18:16 . 2002-10-15 18:00 1818624 ----a-w- c:\windows\mixer.exe
2009-12-17 18:16 . 2002-07-11 11:24 139264 ----a-w- c:\windows\cmuninst.exe
2009-12-15 16:42 . 2009-12-15 16:42 -------- d-----w- c:\documents and settings\ME\Application Data\Tific
2009-12-15 16:42 . 2009-12-16 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-15 16:42 . 2009-12-15 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-13 16:41 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-13 16:41 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-13 16:41 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-13 16:41 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-13 16:41 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-13 16:41 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-13 16:41 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-13 16:41 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-13 16:41 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-13 16:41 . 2009-12-13 16:41 -------- d-----w- c:\program files\Alwil Software
2009-12-13 16:21 . 2009-12-13 16:21 -------- d-----w- c:\program files\Enigma Software Group
2009-12-13 15:14 . 2009-12-13 15:14 -------- d-----w- c:\program files\Sophos
2009-12-12 20:54 . 2009-12-17 18:19 706080 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-12 20:54 . 2009-12-17 18:19 14298400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-11 16:38 . 2009-12-13 11:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 16:07 . 2008-05-07 09:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-05 06:17 . 2009-03-01 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-01-05 06:16 . 2009-03-30 09:16 -------- d-----w- c:\program files\PCPitstop
2010-01-03 08:55 . 2009-11-11 22:20 258688 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-03 08:39 . 2008-09-01 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 08:36 . 2009-01-07 08:12 5061520 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 10:11 . 2006-02-17 21:06 53904 -c--a-w- c:\documents and settings\ME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 14:55 . 2008-09-01 16:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 14:54 . 2008-09-01 16:46 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 17:09 . 2008-03-28 13:11 -------- d-----w- c:\program files\Axis Communications
2009-12-26 17:51 . 2009-12-26 17:51 52224 ----a-w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 17:51 . 2009-12-16 18:20 117760 ----a-w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-26 15:53 . 2009-11-11 16:39 -------- d-----w- c:\program files\Uniblue
2009-12-26 15:40 . 2009-11-11 16:40 -------- d-----w- c:\documents and settings\ME\Application Data\uniblue
2009-12-25 20:21 . 2006-02-22 16:05 -------- d-----w- c:\documents and settings\ME\Application Data\Skype
2009-12-25 18:19 . 2008-03-01 20:41 -------- d-----w- c:\documents and settings\ME\Application Data\skypePM
2009-12-22 17:33 . 2006-03-03 12:05 -------- d-----w- c:\program files\Java
2009-12-22 17:33 . 2009-12-22 17:33 152576 ----a-w- c:\documents and settings\ME\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 17:32 . 2009-12-22 17:32 79488 ----a-w- c:\documents and settings\ME\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 14:19 . 2009-12-22 14:19 388096 ----a-r- c:\documents and settings\ME\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-22 10:36 . 2009-09-21 13:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 10:36 . 2009-09-21 13:02 38784 ----a-w- c:\documents and settings\ME\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 16:02 . 2006-03-21 11:12 -------- d-----w- c:\program files\Lavasoft
2009-12-20 16:02 . 2008-03-18 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-17 18:19 . 2009-12-12 20:54 67244 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-17 18:19 . 2009-12-12 20:54 193568 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-16 18:19 . 2009-08-07 08:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 18:19 . 2009-08-07 08:10 -------- d-----w- c:\documents and settings\ME\Application Data\SUPERAntiSpyware.com
2009-12-16 18:18 . 2006-02-26 18:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-16 13:33 . 2009-07-22 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Entriq
2009-12-15 16:53 . 2006-02-17 21:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-12 10:38 . 2008-07-29 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-12-11 17:35 . 2006-03-21 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-03 16:38 . 2009-08-28 23:14 -------- d-----w- c:\program files\Dabrisoft
2009-11-29 16:13 . 2009-06-05 12:43 -------- d-----w- c:\documents and settings\ME\Application Data\Quo2
2009-11-29 16:04 . 2009-08-11 14:35 -------- d-----w- c:\documents and settings\ME\Application Data\Spotify
2009-11-29 15:34 . 2009-07-02 17:08 -------- d-----w- c:\program files\Songbird
2009-11-24 15:55 . 2008-12-24 11:45 -------- d-----w- c:\program files\Incomplete
2009-11-21 15:51 . 2005-11-30 01:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 13:05 . 2009-11-13 13:05 -------- d-----w- c:\program files\Just Flight
2009-11-13 13:05 . 2005-11-30 17:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 10:38 . 2009-11-13 10:38 -------- d-----w- c:\program files\roadhawk
2009-11-12 09:29 . 2009-07-28 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-02 20:42 . 2009-10-03 17:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2005-11-30 01:04 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 18:17 . 2009-10-28 18:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-21 05:38 . 2005-11-30 01:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-11-30 01:04 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-11-30 01:04 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-11-30 01:04 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-11-30 01:04 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-09 12:14 . 2008-08-09 12:13 80 -csh--r- c:\windows\system32\A09E64B1A5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Multimedia Keyboard\KbdAp32A.exe" [2006-03-28 380928]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2006-03-25 360448]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-11 16:54 321344 -c--a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 01:01 437160 -c--a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 08:01 133104 -c--atw- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-03 13:42 401491 -c--a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
2009-03-08 14:09 638816 ----a-w- c:\program files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outlook Express]
2008-04-14 00:12 60416 -c--a-w- c:\program files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-07 17:16 282624 -c--a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco]
2009-07-09 09:07 7801344 -c--a-w- c:\program files\Tesco internet phone\TescoIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PC Pitstop Optimize Reminder"=c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Bridge Base Online\\NetBridgeVu.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\GPL 2004 DEMO\\gpl.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Tesco internet phone\\TescoIP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GPL 2004 DEMO\\gplc66.exe"=
"c:\\Program Files\\GPLSecrets\\iGOR\\iGOR.exe"=
"c:\\Documents and Settings\\ME\\Desktop\\RarSFX0\\iGOR\\iGOR.exe"=
"c:\\Program Files\\VROC\\WinVROC\\WinVROC.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\showmmcrypt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\MMNav.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\mm3d.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/12/2009 16:41 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 16:41 20560]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [04/01/2006 17:46 11136]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [12/10/2007 12:17 220079]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [28/08/2005 21:04 44032]
R3 ZT6688;ZT6688 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ZT6688.sys [10/03/2008 17:03 21376]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys --> c:\windows\system32\DRIVERS\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys --> c:\windows\system32\DRIVERS\sbpcint4.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);c:\windows\system32\drivers\LV506AV.SYS [18/02/2006 00:00 259584]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH0486;SaiH0486;c:\windows\system32\drivers\SaiH0486.sys [17/01/2006 17:48 132232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 Tileproxy;Tileproxy;c:\windows\system32\drivers\tileproxy.sys [09/03/2008 14:38 31616]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 gupdate1c985f05e04b7a4;Google Update Service (gupdate1c985f05e04b7a4);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 11:12 133104]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [30/12/2009 14:14 90352]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
IE: E&xport to Microsoft Excel
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\ME\Application Data\Mozilla\Firefox\Profiles\z0dxo51i.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:mb
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\ME\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 09:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3069503073-2611073265-3339622535-1007)
@Allowed: (Read) (S-1-5-21-3069503073-2611073265-3339622535-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3069503073-2611073265-3339622535-1007\S@wlr \SVu3@\Ji*n*d@w3@ SVu*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"UniqueID"="{2D37C6C9-565C-4CB1-9790-09708DA3F887}"
"ComputerName"="ME"
"VolumeSerialNumber"=dword:34a91d3a
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Browser Mouse\MOUDL32A.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-07 09:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 09:59
ComboFix2.txt 2010-01-05 11:40

Pre-Run: 99,803,734,016 bytes free
Post-Run: 99,691,208,704 bytes free

- - End Of File - - 62BAE06FB0079ECBF22FCCC917D7B2B5

Good luck and thanks again

Eddie
