Google links redirect to wrong websites


This topic is locked. 12 replies to this topic.

#1 Richardflea
Members, 7 posts
Gender: Male
Location: Markinch, Fife, UK

Posted 29 April 2010 - 10:19 AM

Hello there!

The past couple of days I've started to notice strange goings-on when I've been using Internet browsers (Firefox and IE).

When I do a Google search, it will bring up the search results as normal.

But most of the time, when I click on the links, I will be redirected to pages from websites such as:

info.co.uk
officialmed.org
morphinkids.com
drcody.com

etc. The list goes on!

I've run Malwarebytes' Anti-Malware and it says I have no infections.

AVG scans show no unusual behaviours.


Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:52, on 29/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: gksraemq - {F661BA6B-FAF4-4165-A701-F65A7585AC91} - C:\WINDOWS\gksraemq.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{C06C25D5-0D3F-1033-1013-05050622002c}] "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-1013-05050622002c}\Update.exe" te-110-12-0000073 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{C06C25D5-0D3F-1033-1013-05050622002c}] "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-1013-05050622002c}\Update.exe" te-110-12-0000073 (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Startup: Windows Live Messenger .lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - click here
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Richard Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - click here
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - click here
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - click here
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - click here
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - click here
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - click here
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - click here
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - click here
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - click here
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - click here
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - click here
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - click here
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - click here
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - click here
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - click here
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - click here
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - click here
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - click here
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - click here
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - click here
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - click here
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - click here
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - click here
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Anuman Interactive\Train Set Builder\monki.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Update Service (gupdate1c99fe14b83cb5a) (gupdate1c99fe14b83cb5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Richard Alexander at 18:20:01.25 on 29/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.412 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richard Alexander\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: QXK Olive: {d3cecc49-a0f2-4cb5-bfca-a79c22c08059} - c:\windows\vanwxemgvdp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: gksraemq: {f661ba6b-faf4-4165-a701-f65a7585ac91} - c:\windows\gksraemq.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IpWins] c:\program files\ipwindows\ipwins.exe
uRun: [eyeBeam SIP Client]
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [MSN Explorer] c:\windows\system32\drivers\helpsys\msnexplorer.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [SetIcon] c:\program files\icons\SetIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRunServices: [SchedulingAgent] c:\windows\system32\mstask.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [{C06C25D5-0D3F-1033-1013-05050622002c}] "c:\program files\common files\{c06c25d5-0d3f-1033-1013-05050622002c}\Update.exe" te-110-12-0000073
dExplorerRun: [{C06C25D5-0D3F-1033-1013-05050622002c}] "c:\program files\common files\{c06c25d5-0d3f-1033-1013-05050622002c}\Update.exe" te-110-12-0000073
dExplorerRun: [{C06C25D5-0D3F-1033-0108-07050622002c}] "c:\program files\common files\{c06c25d5-0d3f-1033-0108-07050622002c}\Update.exe" te-110-12-0000073
StartupFolder: c:\docume~1\richar~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\richar~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows live\messenger\msnmsgr.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\program files\partygaming\partybingo\RunBingo.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\richard alexander\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://richardalexander001.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://138.237.46.59/activex/AMC.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
Handler: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richar~1\applic~1\mozilla\firefox\profiles\jg8d4r3j.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-3-20 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-28 259176]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2009-7-31 27488]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [2008-8-29 15872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-31 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-31 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-31 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-3-20 11776]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [2009-4-7 12416]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2009-9-23 150528]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2005-12-30 31872]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\cardbusservice.exe --> c:\program files\common files\avermedia\service\CardBusService.exe [?]
S2 Client IP-IPX;Client IP-IPX;"c:\windows\system32\svchosts.exe" -e te-110-12-0000073 --> c:\windows\system32\svchosts.exe [?]
S2 gupdate1c99fe14b83cb5a;Google Update Service (gupdate1c99fe14b83cb5a);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-11-20 1171456]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2010-3-20 109056]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-7-15 465988]
S3 jatmlano;jatmlano;\??\c:\docume~1\richar~1\locals~1\temp\jatmlano.sys --> c:\docume~1\richar~1\locals~1\temp\jatmlano.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2010-3-20 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2010-3-20 15232]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2008-3-4 19840]
S3 RDID1053;EDIROL PC-50;c:\windows\system32\drivers\RDWM1053.SYS [2006-2-20 59649]

=============== Created Last 30 ================

2010-04-29 16:43:57 0 ----a-w- c:\documents and settings\richard alexander\regsvr32
2010-04-29 16:39:36 0 d-----w- c:\program files\Trend Micro
2010-04-29 16:02:47 0 d-----w- c:\program files\CCleaner
2010-04-29 15:44:59 7417 ----a-w- c:\windows\system32\drivers\bcm43xx.cat
2010-04-29 15:44:59 31185 ----a-w- c:\windows\system32\drivers\bcmrndis.inf
2010-04-29 15:44:59 27264 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2010-04-29 15:44:59 172032 ----a-w- c:\windows\system32\BCMLogon.dll
2010-04-29 15:44:59 0 d-----w- c:\program files\BT Voyager
2010-04-29 15:12:07 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-29 15:10:33 0 d-----w- c:\program files\AVS4YOU
2010-04-29 15:10:33 0 d-----w- c:\program files\AudioCommander
2010-04-29 15:10:32 0 d-----w- c:\program files\TeamViewer
2010-04-29 15:10:32 0 d-----w- c:\program files\Desktop Screen Record 5
2010-04-29 15:10:16 0 d-----w- c:\program files\PartyGaming
2010-04-29 15:10:16 0 d-----w- c:\program files\common files\Real
2010-04-29 15:10:16 0 d-----w- C:\DVDVideoSoft
2010-04-29 14:40:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-04-29 12:08:17 0 d-----w- c:\docume~1\richar~1\applic~1\Malwarebytes
2010-04-29 12:07:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 12:07:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-26 22:16:19 0 d-----w- c:\program files\Flux
2010-04-26 22:15:43 0 d-----w- c:\program files\Nomad Factory Inc
2010-04-26 22:14:36 0 d-----w- c:\program files\Sonalksis
2010-04-26 22:14:35 10553 ----a-w- c:\windows\unins000.dat
2010-04-17 13:57:12 0 d-----w- c:\docume~1\richar~1\applic~1\TightVNC
2010-04-16 20:07:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2010-04-16 20:07:00 0 d-----w- c:\program files\Messenger Plus! Live
2010-04-13 22:30:13 0 d-----w- c:\docume~1\richar~1\applic~1\AVG9
2010-04-13 20:50:53 0 d-----w- c:\program files\IK Multimedia
2010-04-11 18:43:52 0 d-----w- c:\docume~1\richar~1\applic~1\Sibelius Software
2010-04-06 18:27:55 160373 ----a-w- c:\windows\MPEG-4 Booster Pack Uninstaller.exe
2010-04-06 18:17:14 166361 ----a-w- c:\windows\Video Cleaner Pro Uninstaller.exe
2010-04-06 17:56:27 0 d-----w- c:\program files\WMV9_VCM
2010-04-06 12:48:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-05 18:18:59 0 d-----w- c:\program files\iPod
2010-04-05 18:18:55 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 18:18:54 0 d-----w- c:\program files\iTunes
2010-04-05 18:10:50 0 d-----w- c:\program files\Bonjour
2010-04-02 17:59:59 0 d-----w- C:\Digidesign Databases

==================== Find3M ====================

2010-04-29 15:45:53 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-20 15:46:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 21:53:53 77348 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-06 12:47:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-26 21:37:31 6500352 ----a-w- c:\windows\system32\PSP VintageWarmer2.dll
2010-03-26 21:37:30 6496256 ----a-w- c:\windows\system32\PSP VintageWarmer.dll
2010-03-26 21:25:44 6080000 ----a-w- c:\windows\system32\PSP oldTimer.dll
2010-03-26 21:18:20 3175424 ----a-w- c:\windows\system32\PSP Nitro.dll
2010-03-16 14:23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 14:23:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 20:24:02 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 19:32:42 165073 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 08:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-11-01 21:27:00 244 -c--a-w- c:\program files\INSTALL.LOG
2008-01-02 12:00:27 16384 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-12-29 16:39:22 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007122920071230\index.dat
2008-09-20 19:41:38 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 18:21:30.66 ===============


That's it! Hope someone can help.

Also, attached is the log that GMER outputs.
(GMER was run in Safe Mode.)


Edited by Richardflea, 30 April 2010 - 02:39 AM.
Posts merged ~BP



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:57 PM

Posted 03 May 2010 - 10:41 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues, I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 Richardflea

Richardflea
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Markinch, Fife, UK
  • Local time:12:57 PM

Posted 03 May 2010 - 01:28 PM

Hey, thanks! The problem is still there, unfortunately.

OTL.txt

OTL logfile created on: 03/05/2010 19:09:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Richard Alexander\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 196.22 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richard Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
PRC - [2010/04/20 16:46:34 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 16:46:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/14 17:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/02 17:53:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 15:23:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 15:23:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/16 15:23:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/16 15:23:15 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/09/23 14:13:40 | 000,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/06/15 12:08:44 | 000,202,328 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/12/09 02:17:32 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/08/11 14:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2002/12/16 11:02:08 | 000,039,936 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\Icons\SetIcon.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Client IP-IPX)
SRV - File not found [Auto | Stopped] -- -- (CardBusService)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/16 15:23:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 15:23:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/09/23 14:13:40 | 000,150,528 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006/12/09 02:17:32 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/12/09 00:13:06 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 18:31:14 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 16:46:25 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/16 15:23:41 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 15:23:15 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/30 05:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/28 15:02:18 | 000,259,176 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2009/07/31 17:07:16 | 000,027,488 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2009/05/11 23:38:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/11 23:38:23 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/07 13:45:24 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ekauio.sys -- (Ekauio)
DRV - [2009/01/06 08:38:52 | 000,035,328 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/08/16 12:41:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 11:19:28 | 000,015,872 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vburner.sys -- (vburner)
DRV - [2007/02/23 15:06:06 | 000,037,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/02/06 16:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/12/14 04:34:40 | 001,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2006/12/08 23:50:34 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2006/12/08 23:50:30 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/12/08 23:49:58 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/12/08 23:49:42 | 000,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/12/08 23:48:38 | 000,109,056 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2006/12/08 15:49:56 | 000,015,360 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/10/05 18:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/05/29 07:07:33 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/05/04 12:02:06 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/04/25 12:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/03/15 13:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2005/03/02 18:44:00 | 000,465,988 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [2005/02/08 21:57:06 | 000,059,649 | R--- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDWM1053.SYS -- (RDID1053)
DRV - [2005/01/19 12:01:26 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/01/05 06:05:08 | 000,082,768 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/03/22 18:24:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:07:20 | 000,019,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilTune.sys -- (PhilTune)
DRV - [2001/08/17 15:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 15:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\proxy.pac

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\proxy.pac



IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C CF F2 D5 80 E8 C9 01 [binary data]
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 17:49:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 16:09:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 16:09:58 | 000,000,000 | ---D | M]

[2010/04/29 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Extensions
[2009/08/21 17:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/29 16:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions
[2010/04/29 16:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 16:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/29 16:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/04/29 16:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/27 20:46:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/02/12 20:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
[2006/08/09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2009/08/09 01:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2008/09/03 23:36:03 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006..\Run: [eyeBeam SIP Client] File not found
O4 - HKLM..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe File not found
O4 - Startup: C:\Documents and Settings\Richard Alexander\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-1013-05050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-1013-05050622002c}\Update.exe" te-110-12-0000073 File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-0108-07050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-0108-07050622002c}\Update.exe" te-110-12-0000073 ()
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-1013-05050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-1013-05050622002c}\Update.exe" te-110-12-0000073 File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-0108-07050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-0108-07050622002c}\Update.exe" te-110-12-0000073 ()
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://richardalexander001.spaces.live.com...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://138.237.46.59/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdefs {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Anuman Interactive\Train Set Builder\monki.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/13 22:25:40 | 000,000,025 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell - "" = AutoRun
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell - "" = AutoRun
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: btbb_wcm_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Ahead\InCD\InCD.exe File not found
MsConfig - StartUpReg: WD Button Manager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/03 19:01:54 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
[2010/05/02 13:47:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/02 13:47:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/02 13:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/02 12:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Desktop\Autoruns
[2010/04/30 21:20:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard Alexander\Recent
[2010/04/30 19:04:56 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/30 19:04:56 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/30 19:04:54 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/30 19:04:52 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/30 19:04:50 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/30 19:04:50 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/30 19:04:50 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/30 19:04:35 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/30 19:04:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/30 19:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/30 19:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/29 17:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/04/29 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/29 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/29 16:45:00 | 001,396,831 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE5.dll
[2010/04/29 16:45:00 | 001,314,922 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlcpl.cpl
[2010/04/29 16:45:00 | 000,827,392 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE2.dll
[2010/04/29 16:45:00 | 000,188,416 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlu00.exe
[2010/04/29 16:45:00 | 000,081,920 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\wltrynt.dll
[2010/04/29 16:45:00 | 000,073,728 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwld2k.exe
[2010/04/29 16:45:00 | 000,061,440 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlhom.exe
[2010/04/29 16:44:59 | 000,172,032 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BCMLogon.dll
[2010/04/29 16:44:59 | 000,027,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RNDISMPK.sys
[2010/04/29 16:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\BT Voyager
[2010/04/29 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\AudioCommander
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft
[2010/04/29 15:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/29 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\Malwarebytes
[2010/04/29 13:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/26 23:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Flux
[2010/04/26 23:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory Inc
[2010/04/26 23:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sonalksis
[2010/04/17 14:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\TightVNC
[2010/04/17 14:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2010/04/16 21:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/04/16 21:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/15 01:38:15 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/13 23:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\AVG9
[2010/04/13 21:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2010/04/11 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\Sibelius Software
[2010/04/06 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/04/06 13:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/06 13:48:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/06 13:48:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/06 13:48:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/06 13:48:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 19:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 19:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/03 19:08:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/03 18:59:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 18:58:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/03 18:58:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 18:58:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/03 18:58:01 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
[2010/05/02 16:23:55 | 015,810,560 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\ntuser.dat
[2010/05/02 16:23:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\ntuser.ini
[2010/05/02 15:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 13:47:34 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/02 13:28:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/05/02 12:19:10 | 059,504,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 00:22:35 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\.ganttproject
[2010/04/30 19:04:57 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/30 19:04:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/29 18:54:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\90xzc6nj.exe
[2010/04/29 18:15:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\dds.scr
[2010/04/29 18:07:22 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\HiJackThis.lnk
[2010/04/29 17:43:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\regsvr32
[2010/04/29 16:46:07 | 000,000,028 | ---- | M] () -- C:\WINDOWS\bcmwl.DMR
[2010/04/29 16:19:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/29 16:02:42 | 000,445,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 16:02:42 | 000,073,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\6EUB
[2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6EUB
[2010/04/28 16:56:13 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Log.doc
[2010/04/28 00:08:48 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/04/28 00:08:48 | 000,000,192 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/04/26 23:14:36 | 000,010,553 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010/04/26 21:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/20 16:46:25 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/18 14:37:33 | 000,001,141 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 22:53:53 | 000,077,348 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/16 21:03:40 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/16 20:57:59 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Audio Converter Pro.lnk
[2010/04/16 20:56:49 | 000,103,680 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 20:54:21 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 20:46:26 | 000,001,849 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Windows Live Messenger.lnk
[2010/04/16 13:17:15 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 01:25:32 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/04/14 17:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 17:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 17:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/06 19:31:56 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Video Cleaner Pro.lnk
[2010/04/06 19:27:55 | 000,160,373 | ---- | M] () -- C:\WINDOWS\MPEG-4 Booster Pack Uninstaller.exe
[2010/04/06 19:17:14 | 000,166,361 | ---- | M] () -- C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
[2010/04/06 16:51:03 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/06 13:47:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/06 13:47:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/06 13:47:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/06 13:47:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/06 13:47:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 13:47:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 19:04:57 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/30 07:54:33 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/29 18:54:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\90xzc6nj.exe
[2010/04/29 18:15:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\dds.scr
[2010/04/29 17:43:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\regsvr32
[2010/04/29 17:39:36 | 000,002,583 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\HiJackThis.lnk
[2010/04/29 16:45:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/04/29 16:45:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2010/04/29 16:45:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2010/04/29 16:45:00 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/29 16:45:00 | 000,002,238 | ---- | C] () -- C:\WINDOWS\System32\BT.ico
[2010/04/29 16:44:59 | 000,031,185 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcmrndis.inf
[2010/04/29 16:44:59 | 000,007,417 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcm43xx.cat
[2010/04/28 20:55:36 | 000,012,678 | -HS- | C] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\6EUB
[2010/04/28 20:55:36 | 000,012,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6EUB
[2010/04/28 16:56:12 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Log.doc
[2010/04/26 23:14:35 | 000,010,553 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/04/24 22:08:54 | 015,810,560 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\ntuser.dat
[2010/04/18 13:55:23 | 000,001,141 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 20:46:26 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Windows Live Messenger.lnk
[2010/04/06 19:31:56 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Video Cleaner Pro.lnk
[2010/04/06 19:27:55 | 000,160,373 | ---- | C] () -- C:\WINDOWS\MPEG-4 Booster Pack Uninstaller.exe
[2010/04/06 19:17:14 | 000,166,361 | ---- | C] () -- C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
[2010/04/05 19:19:50 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 19:15:20 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/26 22:55:43 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dngkicce.ini
[2010/03/26 22:37:30 | 006,500,352 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2010/03/26 22:37:30 | 006,496,256 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
[2010/03/26 22:25:43 | 006,080,000 | ---- | C] () -- C:\WINDOWS\System32\PSP oldTimer.dll
[2010/03/26 22:21:25 | 002,949,120 | ---- | C] () -- C:\WINDOWS\System32\PSP 84.dll
[2010/03/26 22:18:20 | 003,175,424 | ---- | C] () -- C:\WINDOWS\System32\PSP Nitro.dll
[2010/03/26 22:11:05 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\Lexicon PSP42.dll
[2010/03/18 19:48:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2010/03/10 20:38:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/01/02 21:39:05 | 000,001,769 | ---- | C] () -- C:\WINDOWS\TrueRTA.INI
[2009/03/10 19:53:38 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/31 13:12:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/01/18 21:59:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\Ripper.INI
[2008/12/17 21:11:38 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/17 21:11:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/17 21:11:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/15 14:34:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\SQSDRVRM.SYS
[2008/11/15 14:32:10 | 000,000,074 | ---- | C] () -- C:\WINDOWS\RipEditBurn.ini
[2008/11/15 14:31:44 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drvlock.sys
[2008/11/15 14:31:44 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\symbios.sys
[2008/09/20 15:10:19 | 000,004,158 | ---- | C] () -- C:\WINDOWS\estwn323.ini
[2008/09/20 15:07:31 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Epscan2.INI
[2008/09/10 22:49:48 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/29 21:20:47 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\vburner.sys
[2008/08/16 12:42:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/10 14:11:35 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/12/30 13:55:01 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/11/20 20:28:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/20 20:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007/11/20 20:27:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2007/11/20 20:27:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2007/11/20 20:27:23 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2007/11/20 20:27:23 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2007/11/03 12:42:51 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/11/02 20:47:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 16:45:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2007/04/02 12:51:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMM.INI
[2007/03/09 20:30:13 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/03/09 20:30:13 | 000,044,416 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/03/09 20:30:13 | 000,037,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/03/09 20:30:13 | 000,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/01/15 17:53:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/07 01:57:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/08 20:22:41 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/08 20:22:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/21 14:27:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/10/31 21:48:24 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2006/10/31 21:42:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HCWxds.dll
[2006/10/13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/17 12:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2006/07/17 12:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006/05/01 19:38:34 | 000,000,635 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 16:19:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/03/12 17:24:00 | 000,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2006/02/26 21:21:29 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/02/25 12:19:41 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CDGUIDE.INI
[2006/02/15 21:02:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/30 22:45:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\PHONE.INI
[2006/01/30 22:45:51 | 000,005,176 | ---- | C] () -- C:\WINDOWS\AIRMOS.INI
[2006/01/30 22:45:51 | 000,004,374 | ---- | C] () -- C:\WINDOWS\AIRWIN.INI
[2006/01/30 22:45:51 | 000,001,253 | ---- | C] () -- C:\WINDOWS\REMOTE.INI
[2006/01/30 22:45:51 | 000,000,198 | ---- | C] () -- C:\WINDOWS\PROFILE.INI
[2006/01/30 22:45:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS\APP2SOCK.INI
[2006/01/30 22:45:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CYBER.INI
[2006/01/14 20:42:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/26 18:12:39 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2005/12/21 19:51:32 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/12/20 22:14:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/19 22:49:42 | 000,029,724 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/06 05:19:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/06 04:50:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/16 11:15:04 | 000,164,112 | ---- | C] () -- C:\WINDOWS\System32\awmpi.dll
[2004/08/10 14:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/11 11:04:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\BELKIN.ini
[2002/09/06 20:57:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/11/19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[1999/09/01 13:04:42 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========


< %appdata%\*.* >
[2008/08/19 23:21:44 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\AutoGK.ini
[2004/08/10 13:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\desktop.ini
[2006/11/25 01:04:52 | 000,000,023 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\inifile41.ini
[2006/12/06 18:42:26 | 000,000,382 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb1942.dat
[2006/12/17 22:11:00 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb41.dat
[2006/12/02 10:22:40 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb4827.dat
[2006/11/25 01:04:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb5436.dat
[2006/11/25 01:05:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb6334.dat
[2006/11/25 01:05:19 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\internaldb8467.dat
[2009/01/10 21:07:36 | 000,310,808 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\ReplayMusicLog.log
[2010/03/11 16:13:17 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Application Data\winscp.rnd

< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/30 03:20:58 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 16:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/20 20:17:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/20 20:17:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 14:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\dell\MEDIAEXE\RepFiles\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 06:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/04 06:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 01:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 01:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 06:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/04 06:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 01:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 01:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 821 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08279447
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvcore.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmadmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET159.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET14C.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET140.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET13E.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MRT.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\logagent.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\UMDF\wpdmtpdr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvcore.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMASF.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\logagent.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\audiodev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Richard Alexander\Desktop\Sound Production Graded Unit 1 - Student Support Pack.doc:AFP_AfpInfo
@Alternate Data Stream - 1274 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP
@Alternate Data Stream - 1266 bytes -> C:\Program Files\Common Files\System:ocXnup7vNGh3swH6IlbbtLG
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 1222 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0q8oEL4lQbXXeefVIZSSocnI5NaZ
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 1184 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dSU6IgKaTuEQONUoDXC7Ofa
@Alternate Data Stream - 1182 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MawS3cP1BziLOeWRvqB9tyO8BJ
@Alternate Data Stream - 1175 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:xnf0u36i6aDindP0gaDtYoc
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 1155 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VOkKoni6gfknoPCRRQ0lKg
@Alternate Data Stream - 1154 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:FKqNJzrwCzr0cE435nSlchj1ol
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C45B1B5
@Alternate Data Stream - 1058 bytes -> C:\Program Files\Common Files\System:T4B8seUETvMRBZqY2LD6M
@Alternate Data Stream - 1045 bytes -> C:\Program Files\Outlook Express:7LA8nsBcAhmYJApqcJYrw7svwT5
@Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\LXfMtfML6tMLb:DeW1qTbfRe76Ih7ysB
@Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zr2dRklgeizqdeEn3x8abxeG1hti
< End of report >


Extras.txt

OTL Extras logfile created on: 03/05/2010 19:09:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Richard Alexander\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 196.22 Gb Free Space | 85.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richard Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Sienzo\DMM\DMM.exe" = C:\Program Files\Sienzo\DMM\DMM.exe:*:Enabled:DMM -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- File not found
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe" = C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd -- File not found
"C:\Program Files\Microsoft Games\Combat Flight Simulator 2\cfs2.icd" = C:\Program Files\Microsoft Games\Combat Flight Simulator 2\cfs2.icd:*:Enabled:Microsoft Combat Flight Simulator Module -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Documents and Settings\Richard Alexander\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Richard Alexander\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Mini-stream\Mini-stream Ripper\Ripper.exe" = C:\Program Files\Mini-stream\Mini-stream Ripper\Ripper.exe:*:Enabled:Mini-stream Ripper -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Documents and Settings\Richard Alexander\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Richard Alexander\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found
"E:\Halo Custom Edition\haloce.exe" = E:\Halo Custom Edition\haloce.exe:*:Enabled:Halo -- File not found
"C:\Documents and Settings\Richard Alexander\Desktop\Halo Custom Edition\haloce.exe" = C:\Documents and Settings\Richard Alexander\Desktop\Halo Custom Edition\haloce.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- File not found
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0F52F370-B2ED-43E4-8545-F7810D349390}" = T-RackS 3 Brickwall Limiter
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2420EC98-1F4A-4375-A2F0-6DCB6A0441AE}" = T-RackS 3 Metering
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E309E7D-F7AD-4D5B-9505-9DAAFCC1C22A}" = T-RackS 3 Linear Phase EQ
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{37EF63D9-3E31-45A9-A90F-BDE07CE88095}" = Sibelius Scorch (all browsers)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{506A08D9-6AE4-4D02-9535-A6D4839F849A}" = T-RackS 3 Classic Clipper
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53CE99DF-C3D1-41AE-ACD7-2964347AC4FF}" = MacDrive 8
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66034137-F1CE-4CEF-8180-46553C54DB18}" = Popup Blocker (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D18A0F2-4A5E-4CC1-915E-B91B85BEC762}" = T-RackS 3 Opto Compressor
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71CB529E-21A4-42AD-BF38-564F08988633}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{84D67E65-18B5-4AED-8405-04FA3CD588EC}" = Highlight Viewer (Windows Live Toolbar)
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{94BD5EE2-317F-48D3-BC04-8ED90BF56108}" = T-RackS 3 Classic Compressor
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F40ED6-C2F9-422F-BFDC-BDABAD01675A}" = T-RackS 3 Vintage Compressor 670
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9CEF84F6-1AE8-49EF-8D02-D3884E9CD694}" = T-RackS 3 Classic Multiband Limiter
"{9FCB2876-554D-491D-A2CD-58F8252D6C64}" = Ink
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AC50F5-8209-43F1-84B7-5CF732A51862}" = T-RackS 3 Program EQ 1A
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3.1
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E33A4D86-8941-41CB-9DF7-466FACB3ADF2}" = Belkin F5U249 Driver and Icon
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EAE7B6DB-A9AE-4E77-9E63-EA18216828BA}" = T-RackS 3 Classic Equalizer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF2F3EF2-A1CC-4ACD-BCAE-92CAC8D5613A}" = Digidesign Pro Tools LE 7.3.1cs7
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audio Converter Pro" = River Past Audio Converter Pro
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Studio_is1" = Free Studio version 4.2
"GanttProject" = GanttProject
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"igLoader" = igLoader
"iZotope Alloy_is1" = iZotope Alloy
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope Trash_is1" = iZotope Trash
"Lexicon PSP42 1.4" = Lexicon PSP42 1.4
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG-4 Booster Pack" = River Past MPEG-4 Booster Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.3-03-08-26-01" = OpenMG Limited Patch 3.3-03-09-03-01
"PROSet" = Intel® PRO Network Connections Drivers
"PSP Nitro 1.1.1" = PSP Nitro 1.1.1
"PSP oldTimer 1.0.8 32bit" = PSP oldTimer 1.0.8 32bit
"PSP VintageWarmer2 2.3.1 32bit" = PSP VintageWarmer2 2.3.1 32bit
"PSP84 1.4" = PSP84 1.4
"Spotify" = Spotify
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Wave Arts Tube Saturator" = Wave Arts Tube Saturator
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XiphQT" = Xiph QuickTime Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/04/2010 11:22:01 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/04/2010 11:22:01 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3017078

Error - 26/04/2010 11:22:01 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3017078

Error - 28/04/2010 18:19:27 | Computer Name = RICHARD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/04/2010 18:19:27 | Computer Name = RICHARD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 29/04/2010 06:35:16 | Computer Name = RICHARD | Source = pctsSvc.exe | ID = 0
Description =

Error - 29/04/2010 07:50:14 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = ERROR: accept: 10022 (An invalid argument was supplied.)

Error - 30/04/2010 11:51:05 | Computer Name = RICHARD | Source = Google Update | ID = 20
Description =

Error - 30/04/2010 14:24:55 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = 276: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 30/04/2010 14:24:55 | Computer Name = RICHARD | Source = Bonjour Service | ID = 100
Description = 272: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 02/05/2010 10:22:41 | Computer Name = RICHARD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 02/05/2010 10:23:19 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7000
Description = The SAA7130 TV Card service failed to start due to the following error:
%%1058

Error - 02/05/2010 10:23:19 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7000
Description = The Client IP-IPX service failed to start due to the following error:
%%2

Error - 02/05/2010 10:23:26 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vburner

Error - 03/05/2010 13:58:08 | Computer Name = RICHARD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 03/05/2010 13:58:08 | Computer Name = RICHARD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 03/05/2010 13:58:55 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7000
Description = The SAA7130 TV Card service failed to start due to the following error:
%%1058

Error - 03/05/2010 13:58:55 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7000
Description = The Client IP-IPX service failed to start due to the following error:
%%2

Error - 03/05/2010 14:10:15 | Computer Name = RICHARD | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 03/05/2010 14:10:15 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 May 2010 - 02:11 PM

Hi Richardflea,


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Avast.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Client IP-IPX)
    SRV - File not found [Auto | Stopped] -- -- (CardBusService)
    O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006..\Run: [eyeBeam SIP Client] File not found
    O4 - HKLM..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-1013-05050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-1013-05050622002c}\Update.exe" te-110-12-0000073 File not found
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://138.237.46.59/activex/AMC.cab (Reg Error: Key error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\cdefs {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Anuman Interactive\Train Set Builder\monki.dll File not found
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    MsConfig - StartUpReg: WD Button Manager - hkey= - key= - File not found
    [2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\6EUB
    [2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6EUB
    @Alternate Data Stream - 1274 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP
    @Alternate Data Stream - 1266 bytes -> C:\Program Files\Common Files\System:ocXnup7vNGh3swH6IlbbtLG
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
    @Alternate Data Stream - 1222 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0q8oEL4lQbXXeefVIZSSocnI5NaZ
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
    @Alternate Data Stream - 1184 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dSU6IgKaTuEQONUoDXC7Ofa
    @Alternate Data Stream - 1182 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MawS3cP1BziLOeWRvqB9tyO8BJ
    @Alternate Data Stream - 1175 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:xnf0u36i6aDindP0gaDtYoc
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 1155 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VOkKoni6gfknoPCRRQ0lKg
    @Alternate Data Stream - 1154 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:FKqNJzrwCzr0cE435nSlchj1ol
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C45B1B5
    @Alternate Data Stream - 1058 bytes -> C:\Program Files\Common Files\System:T4B8seUETvMRBZqY2LD6M
    @Alternate Data Stream - 1045 bytes -> C:\Program Files\Outlook Express:7LA8nsBcAhmYJApqcJYrw7svwT5
    @Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\LXfMtfML6tMLb:DeW1qTbfRe76Ih7ysB
    @Alternate Data Stream - 1032 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zr2dRklgeizqdeEn3x8abxeG1hti
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks

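As an added example (not OTL's own code and not part of syler's instructions), a small Python triage of the :OTL fix script above: it labels each line by the kind of entry OTL will act on (orphaned registry entries, file entries, alternate data streams, commands) and parses the "@Alternate Data Stream" lines into size, host path and stream name. The sample input is a constructed subset of the script's own lines.

```python
"""Triage an OTL ':OTL' fix script: count what it targets and pull out the
NTFS alternate data stream (ADS) entries. Added example; not OTL's own code."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL writes ADS entries as "@Alternate Data Stream - <n> bytes -> <host>:<stream>".
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# Markers OTL prints when the file or CLSID an entry points at no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Constructed sample: a subset of the lines from the fix script in the post above.
SAMPLE_FIX_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- -- (Client IP-IPX)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
[2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\6EUB
@Alternate Data Stream - 1274 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 1045 bytes -> C:\Program Files\Outlook Express:7LA8nsBcAhmYJApqcJYrw7svwT5
:Commands
[purity]
[emptytemp]
"""


@dataclass
class AdsEntry:
    size: int     # stream size in bytes as reported by OTL
    host: str     # file or directory that carries the stream
    stream: str   # stream name, i.e. the part after the last ':'


def parse_ads(line: str) -> Optional[AdsEntry]:
    """Split an OTL ADS line into size, host path and stream name.

    The host path itself contains the drive colon ("C:"), so the stream name
    is taken from the last colon only.
    """
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    host, _, stream = m.group("target").rpartition(":")
    return AdsEntry(int(m.group("size")), host, stream)


def classify(line: str) -> str:
    """Label one fix-script line by the kind of entry OTL will act on."""
    s = line.strip()
    if not s:
        return "blank"
    if s.startswith(":"):                         # :OTL / :Commands section headers
        return "section"
    if s.startswith("[") and "] " in s and " -- " in s:
        return "file"                             # "[date | size | attrs | M] () -- path"
    if s.startswith("[") and s.endswith("]"):     # [purity], [emptytemp], ...
        return "command"
    if s.startswith("@Alternate Data Stream"):
        return "ads"
    if any(mark in s for mark in ORPHAN_MARKERS):
        return "orphan"                           # registry entry with no backing file
    return "other"


def triage(script: str) -> Dict[str, object]:
    """Summarise a fix script: per-kind counts plus the ADS entries, largest first."""
    counts: Counter = Counter()
    ads: List[AdsEntry] = []
    for line in script.strip().splitlines():
        kind = classify(line)
        counts[kind] += 1
        if kind == "ads":
            entry = parse_ads(line)
            if entry is not None:
                ads.append(entry)
    ads.sort(key=lambda e: e.size, reverse=True)
    return {
        "counts": dict(counts),
        "ads": ads,
        "ads_bytes": sum(e.size for e in ads),
        "ads_by_host": dict(Counter(e.host for e in ads)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_FIX_SCRIPT)
    print("entries by kind:", result["counts"])
    print("ADS bytes hidden:", result["ads_bytes"])
    for e in result["ads"]:
        print(f"  {e.size:>5} bytes  {e.host}  stream={e.stream}")
```

Pointing `triage` at the full script from the post gives the same per-kind breakdown for every entry OTL is asked to remove.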


#5 Richardflea

Richardflea
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Markinch, Fife, UK

Posted 03 May 2010 - 02:49 PM

Thanks for the antivirus info. Avast has been removed. AVG remains installed.


OTL "Run Fix" log

All processes killed
========== OTL ==========
Service Client IP-IPX stopped successfully!
Service Client IP-IPX deleted successfully!
Service CardBusService stopped successfully!
Service CardBusService deleted successfully!
Registry value HKEY_USERS\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Windows\CurrentVersion\Run\\eyeBeam SIP Client deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\SchedulingAgent deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{C06C25D5-0D3F-1033-1013-05050622002c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06C25D5-0D3F-1033-1013-05050622002c}\ not found.
Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {6B75345B-AA36-438A-BBE6-4078B4C6984D}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
C:\WINDOWS\Downloaded Program Files\SETUP.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
C:\WINDOWS\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Starting removal of ActiveX control {E5D419D6-A846-4514-9FAD-97E826C84822}
C:\WINDOWS\Downloaded Program Files\heartbeat.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E5D419D6-A846-4514-9FAD-97E826C84822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdefs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3}\ deleted successfully.
File {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Anuman Interactive\Train Set Builder\monki.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WD Button Manager\ deleted successfully.
C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\6EUB moved successfully.
File C:\Documents and Settings\All Users\Application Data\6EUB@Alternate Data Stream - 1274 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP not found.
ADS C:\Program Files\Common Files\System:ocXnup7vNGh3swH6IlbbtLG deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:0q8oEL4lQbXXeefVIZSSocnI5NaZ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:dSU6IgKaTuEQONUoDXC7Ofa deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:MawS3cP1BziLOeWRvqB9tyO8BJ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:xnf0u36i6aDindP0gaDtYoc deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:VOkKoni6gfknoPCRRQ0lKg deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:FKqNJzrwCzr0cE435nSlchj1ol deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C45B1B5 deleted successfully.
ADS C:\Program Files\Common Files\System:T4B8seUETvMRBZqY2LD6M deleted successfully.
ADS C:\Program Files\Outlook Express:7LA8nsBcAhmYJApqcJYrw7svwT5 deleted successfully.
ADS C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\LXfMtfML6tMLb:DeW1qTbfRe76Ih7ysB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:zr2dRklgeizqdeEn3x8abxeG1hti deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 125792 bytes

User: Administrator.RICHARD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 312517 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41661 bytes

User: lalexander
->Temp folder emptied: 66948503 bytes
->Temporary Internet Files folder emptied: 202351526 bytes
->Java cache emptied: 450240 bytes
->FireFox cache emptied: 89709999 bytes
->Flash cache emptied: 9494 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 34565 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6730905 bytes

User: Richard Alexander
->Temp folder emptied: 154664599 bytes
->Temporary Internet Files folder emptied: 2387000 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2180180 bytes
->Flash cache emptied: 2822109 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 491376 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 7137280 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 251762 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954206 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 610244 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 523.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.RICHARD

User: All Users

User: Application Data

User: Default User
->Flash cache emptied: 0 bytes

User: lalexander
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Richard Alexander
->Flash cache emptied: 0 bytes

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05032010_202748

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL new scan log

OTL logfile created on: 03/05/2010 20:36:47 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Richard Alexander\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 196.86 Gb Free Space | 85.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richard Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
PRC - [2010/04/20 16:46:34 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 16:46:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 17:53:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 15:23:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 15:23:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/16 15:23:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/16 15:23:15 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/09/23 14:13:40 | 000,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/06/15 12:08:44 | 000,202,328 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/12/09 02:17:32 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/08/11 14:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2002/12/16 11:02:08 | 000,039,936 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\Icons\SetIcon.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/16 15:23:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 15:23:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/09/23 14:13:40 | 000,150,528 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006/12/09 02:17:32 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/12/09 00:13:06 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 18:31:14 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 16:46:25 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 15:23:41 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 15:23:15 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/30 05:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/28 15:02:18 | 000,259,176 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2009/07/31 17:07:16 | 000,027,488 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2009/05/11 23:38:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/11 23:38:23 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/07 13:45:24 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ekauio.sys -- (Ekauio)
DRV - [2009/01/06 08:38:52 | 000,035,328 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/08/16 12:41:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 11:19:28 | 000,015,872 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vburner.sys -- (vburner)
DRV - [2007/02/23 15:06:06 | 000,037,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/02/06 16:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/12/14 04:34:40 | 001,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2006/12/08 23:50:34 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2006/12/08 23:50:30 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/12/08 23:49:58 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/12/08 23:49:42 | 000,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/12/08 23:48:38 | 000,109,056 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2006/12/08 15:49:56 | 000,015,360 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/10/05 18:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/05/29 07:07:33 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/05/04 12:02:06 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/04/25 12:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/03/15 13:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2005/03/02 18:44:00 | 000,465,988 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [2005/02/08 21:57:06 | 000,059,649 | R--- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDWM1053.SYS -- (RDID1053)
DRV - [2005/01/19 12:01:26 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005/01/05 06:05:08 | 000,082,768 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/03/22 18:24:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:07:20 | 000,019,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilTune.sys -- (PhilTune)
DRV - [2001/08/17 15:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 15:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\proxy.pac

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\PROGRA~1\SPEEDB~1\proxy.pac



IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C CF F2 D5 80 E8 C9 01 [binary data]
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 17:49:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 16:09:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 16:09:58 | 000,000,000 | ---D | M]

[2010/04/29 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Extensions
[2009/08/21 17:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/29 16:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions
[2010/04/29 16:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 16:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/29 16:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\jg8d4r3j.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/04/29 16:09:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Richard Alexander\Application Data\Mozilla\Firefox(2)\Profiles(2)\gmrw87b1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/04/29 16:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/27 20:46:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/02/12 20:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
[2006/08/09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2009/08/09 01:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2008/09/03 23:36:03 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\Richard Alexander\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-0108-07050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-0108-07050622002c}\Update.exe" te-110-12-0000073 ()
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {C06C25D5-0D3F-1033-0108-07050622002c} = "C:\Program Files\Common Files\{C06C25D5-0D3F-1033-0108-07050622002c}\Update.exe" te-110-12-0000073 ()
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2511884834-3954942267-3643776504-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://richardalexander001.spaces.live.com...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/13 22:25:40 | 000,000,025 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell - "" = AutoRun
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b352ff94-6752-11dc-a41d-0016e3994d71}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell - "" = AutoRun
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f292bb66-0b0e-11de-b476-0016e3994d71}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/03 20:27:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/03 19:01:54 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
[2010/05/02 13:47:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/02 13:47:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/02 13:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/02 12:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Desktop\Autoruns
[2010/04/30 21:20:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard Alexander\Recent
[2010/04/30 19:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/30 19:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/29 17:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/04/29 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/29 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/29 16:45:00 | 001,396,831 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE5.dll
[2010/04/29 16:45:00 | 001,314,922 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlcpl.cpl
[2010/04/29 16:45:00 | 000,827,392 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE2.dll
[2010/04/29 16:45:00 | 000,188,416 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlu00.exe
[2010/04/29 16:45:00 | 000,081,920 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\wltrynt.dll
[2010/04/29 16:45:00 | 000,073,728 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwld2k.exe
[2010/04/29 16:45:00 | 000,061,440 | ---- | C] (BT Voyager Corporation) -- C:\WINDOWS\System32\bcmwlhom.exe
[2010/04/29 16:44:59 | 000,172,032 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BCMLogon.dll
[2010/04/29 16:44:59 | 000,027,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RNDISMPK.sys
[2010/04/29 16:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\BT Voyager
[2010/04/29 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\AudioCommander
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/29 16:10:16 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft
[2010/04/29 15:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/29 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\Malwarebytes
[2010/04/29 13:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/26 23:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Flux
[2010/04/26 23:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory Inc
[2010/04/26 23:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sonalksis
[2010/04/17 14:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\TightVNC
[2010/04/17 14:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2010/04/16 21:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/04/16 21:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/15 01:38:15 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/13 23:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\AVG9
[2010/04/13 21:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2010/04/11 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Alexander\Application Data\Sibelius Software
[2010/04/06 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/04/06 13:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/06 13:48:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/06 13:48:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/06 13:48:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/06 13:48:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 19:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 19:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/05/03 20:33:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 20:33:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/03 20:33:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/03 20:32:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 20:32:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/03 20:32:49 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 20:31:55 | 015,810,560 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\ntuser.dat
[2010/05/03 20:31:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Richard Alexander\ntuser.ini
[2010/05/03 20:18:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/03 14:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Alexander\Desktop\OTL.exe
[2010/05/02 15:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 13:47:34 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/02 13:28:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/05/02 12:19:10 | 059,504,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 00:22:35 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\.ganttproject
[2010/04/29 18:54:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\90xzc6nj.exe
[2010/04/29 18:15:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\dds.scr
[2010/04/29 18:07:22 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\HiJackThis.lnk
[2010/04/29 17:43:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\regsvr32
[2010/04/29 16:46:07 | 000,000,028 | ---- | M] () -- C:\WINDOWS\bcmwl.DMR
[2010/04/29 16:19:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/29 16:02:42 | 000,445,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 16:02:42 | 000,073,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:57:37 | 000,012,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6EUB
[2010/04/28 16:56:13 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Log.doc
[2010/04/28 00:08:48 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/04/28 00:08:48 | 000,000,192 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/04/26 23:14:36 | 000,010,553 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010/04/26 21:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/20 16:46:25 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/18 14:37:33 | 000,001,141 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 22:53:53 | 000,077,348 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/16 21:03:40 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/16 20:57:59 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Audio Converter Pro.lnk
[2010/04/16 20:56:49 | 000,103,680 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 20:54:21 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 20:46:26 | 000,001,849 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Windows Live Messenger.lnk
[2010/04/16 13:17:15 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 01:25:32 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/04/06 19:31:56 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Richard Alexander\Desktop\Video Cleaner Pro.lnk
[2010/04/06 19:27:55 | 000,160,373 | ---- | M] () -- C:\WINDOWS\MPEG-4 Booster Pack Uninstaller.exe
[2010/04/06 19:17:14 | 000,166,361 | ---- | M] () -- C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
[2010/04/06 16:51:03 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/06 13:47:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/06 13:47:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/06 13:47:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/06 13:47:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/06 13:47:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2010/05/02 13:47:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 07:54:33 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/29 18:54:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\90xzc6nj.exe
[2010/04/29 18:15:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\dds.scr
[2010/04/29 17:43:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\regsvr32
[2010/04/29 17:39:36 | 000,002,583 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\HiJackThis.lnk
[2010/04/29 16:45:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/04/29 16:45:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2010/04/29 16:45:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2010/04/29 16:45:00 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/29 16:45:00 | 000,002,238 | ---- | C] () -- C:\WINDOWS\System32\BT.ico
[2010/04/29 16:44:59 | 000,031,185 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcmrndis.inf
[2010/04/29 16:44:59 | 000,007,417 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcm43xx.cat
[2010/04/28 20:55:36 | 000,012,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6EUB
[2010/04/28 16:56:12 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Log.doc
[2010/04/26 23:14:35 | 000,010,553 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/04/24 22:08:54 | 015,810,560 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\ntuser.dat
[2010/04/18 13:55:23 | 000,001,141 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 20:46:26 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Windows Live Messenger.lnk
[2010/04/06 19:31:56 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\Richard Alexander\Desktop\Video Cleaner Pro.lnk
[2010/04/06 19:27:55 | 000,160,373 | ---- | C] () -- C:\WINDOWS\MPEG-4 Booster Pack Uninstaller.exe
[2010/04/06 19:17:14 | 000,166,361 | ---- | C] () -- C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
[2010/04/05 19:19:50 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 19:15:20 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/26 22:55:43 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dngkicce.ini
[2010/03/26 22:37:30 | 006,500,352 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2010/03/26 22:37:30 | 006,496,256 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
[2010/03/26 22:25:43 | 006,080,000 | ---- | C] () -- C:\WINDOWS\System32\PSP oldTimer.dll
[2010/03/26 22:21:25 | 002,949,120 | ---- | C] () -- C:\WINDOWS\System32\PSP 84.dll
[2010/03/26 22:18:20 | 003,175,424 | ---- | C] () -- C:\WINDOWS\System32\PSP Nitro.dll
[2010/03/26 22:11:05 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\Lexicon PSP42.dll
[2010/03/18 19:48:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2010/03/10 20:38:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/01/02 21:39:05 | 000,001,769 | ---- | C] () -- C:\WINDOWS\TrueRTA.INI
[2009/03/10 19:53:38 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/31 13:12:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/01/18 21:59:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\Ripper.INI
[2008/12/17 21:11:38 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/17 21:11:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/17 21:11:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/15 14:34:17 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\SQSDRVRM.SYS
[2008/11/15 14:32:10 | 000,000,074 | ---- | C] () -- C:\WINDOWS\RipEditBurn.ini
[2008/11/15 14:31:44 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drvlock.sys
[2008/11/15 14:31:44 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\symbios.sys
[2008/09/20 15:10:19 | 000,004,158 | ---- | C] () -- C:\WINDOWS\estwn323.ini
[2008/09/20 15:07:31 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Epscan2.INI
[2008/09/10 22:49:48 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/29 21:20:47 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\vburner.sys
[2008/08/16 12:42:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/10 14:11:35 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/12/30 13:55:01 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/11/20 20:28:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/20 20:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007/11/20 20:27:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2007/11/20 20:27:42 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2007/11/20 20:27:23 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2007/11/20 20:27:23 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2007/11/03 12:42:51 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/11/02 20:47:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/15 16:45:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2007/04/02 12:51:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMM.INI
[2007/03/09 20:30:13 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/03/09 20:30:13 | 000,044,416 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/03/09 20:30:13 | 000,037,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/03/09 20:30:13 | 000,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/01/15 17:53:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/07 01:57:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/08 20:22:41 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/08 20:22:41 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/21 14:27:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/10/31 21:48:24 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2006/10/31 21:42:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HCWxds.dll
[2006/10/13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/17 12:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2006/07/17 12:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006/05/01 19:38:34 | 000,000,635 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 16:19:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/03/12 17:24:00 | 000,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2006/02/26 21:21:29 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/02/25 12:19:41 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CDGUIDE.INI
[2006/02/15 21:02:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/30 22:45:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\PHONE.INI
[2006/01/30 22:45:51 | 000,005,176 | ---- | C] () -- C:\WINDOWS\AIRMOS.INI
[2006/01/30 22:45:51 | 000,004,374 | ---- | C] () -- C:\WINDOWS\AIRWIN.INI
[2006/01/30 22:45:51 | 000,001,253 | ---- | C] () -- C:\WINDOWS\REMOTE.INI
[2006/01/30 22:45:51 | 000,000,198 | ---- | C] () -- C:\WINDOWS\PROFILE.INI
[2006/01/30 22:45:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS\APP2SOCK.INI
[2006/01/30 22:45:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CYBER.INI
[2006/01/14 20:42:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/26 18:12:39 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2005/12/21 19:51:32 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/12/20 22:14:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/19 22:49:42 | 000,029,724 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/06 05:19:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/06 04:50:20 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/16 11:15:04 | 000,164,112 | ---- | C] () -- C:\WINDOWS\System32\awmpi.dll
[2004/08/10 14:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/11 11:04:20 | 000,000,241 | ---- | C] () -- C:\WINDOWS\System32\BELKIN.ini
[2002/09/06 20:57:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/11/19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[1999/09/01 13:04:42 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 821 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08279447
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvcore.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmadmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MRT.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\logagent.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\UMDF\wpdmtpdr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvcore.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMASF.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\logagent.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\audiodev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Richard Alexander\Desktop\Sound Production Graded Unit 1 - Student Support Pack.doc:AFP_AfpInfo
@Alternate Data Stream - 1274 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP
< End of report >


MBR log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83D01EE4]<<
kernel: MBR read successfully
user & kernel MBR OK



Thanks!
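A quick triage pass over the OTL "Alternate Data Streams" listing above, as an added example (not code from this thread, from OTL or from any of the tools mentioned): it parses lines in OTL's `@Alternate Data Stream` format and flags any stream whose name is not on a small allowlist of well-known metadata streams (`AFP_AfpInfo`, `AFP_Resource`, `Zone.Identifier`; an assumed list, not OTL's), noting when the host object has no extension (likely a directory) or the stream name looks randomly generated. The sample lines are constructed from the log above; a flagged entry is a candidate for closer inspection, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in OTL's ADS report format (values taken from the log above).
SAMPLE_LOG = """\
========== Alternate Data Streams ==========

@Alternate Data Stream - 821 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:08279447
@Alternate Data Stream - 60 bytes -> C:\\WINDOWS\\System32\\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\\WINDOWS\\System32\\dllcache\\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 1274 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\Microsoft:uwmPiXhlfKAn4WvhGjVUAKCP
< End of report >
"""

# Assumed allowlist of stream names that legitimately appear on many files:
# AFP_* come from Macintosh file services, Zone.Identifier is the mark-of-the-web.
BENIGN_STREAMS = {"AFP_AfpInfo", "AFP_Resource", "Zone.Identifier"}

# "<size> bytes -> <host path>:<stream name>"; the host path itself contains the
# drive-letter colon, so the stream name is everything after the LAST colon.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def parse_ads(text: str) -> List[Dict]:
    """Return one dict per ADS line: size (int), host (path), stream (name)."""
    entries = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, end-of-report marker
        size, host, stream = m.groups()
        entries.append({"size": int(size), "host": host, "stream": stream})
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: long, alphanumeric, mixed-case names with no structure."""
    return (
        len(name) >= 16
        and name.isalnum()
        and name != name.lower()
        and name != name.upper()
    )


def triage(text: str) -> List[Dict]:
    """Flag streams that are not on the allowlist, with the reasons for each."""
    findings = []
    for e in parse_ads(text):
        if e["stream"] in BENIGN_STREAMS:
            continue
        reasons = ["stream name is not a known metadata stream"]
        if looks_random(e["stream"]):
            reasons.append("stream name looks randomly generated")
        last_component = e["host"].rsplit("\\", 1)[-1]
        if "." not in last_component:
            reasons.append("host object has no extension (likely a directory)")
        findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['size']:>6} bytes  {f['host']}:{f['stream']}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

Paste a full OTL report into `SAMPLE_LOG` (or read it from a file) and the benign 60-byte `AFP_AfpInfo` noise drops out, leaving only the streams a helper would actually want to examine, such as the two attached to directories under Application Data in the log above.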

#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 May 2010 - 04:57 PM

Hi,

Unfortunately your logs show you have a rootkit infection, so you should be aware of the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 Richardflea

  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male
  • Location:Markinch, Fife, UK

Posted 04 May 2010 - 11:52 AM

I have noticed that Google is working well now in IE; however, during the process of all the various scans, Mozilla Firefox has stopped opening. With the Task Manager on screen, I click on the Firefox icon to open it and I can see the process appear in the list, but it disappears within a second. I cannot uninstall Firefox because the uninstaller does the same thing (closes immediately).

I have decided to go ahead with ComboFix. Here's the log:


ComboFix 10-05-03.06 - Richard Alexander 04/05/2010 17:30:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.582 [GMT 1:00]
Running from: c:\documents and settings\Richard Alexander\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard Alexander\System
c:\documents and settings\Richard Alexander\System\win_qs8.jqx
c:\progra~1\COMMON~1\{306C2~1
c:\progra~1\COMMON~1\{306C2~1\Bar888.dll
c:\progra~1\COMMON~1\{306C2~1\UnInstall.exe
c:\progra~1\COMMON~1\{C06C2~3
c:\progra~1\COMMON~1\{C06C2~3\Update.exe
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\eSellerateEngine.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msvcsv60.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-03 19:27 . 2010-05-03 19:27 -------- d-----w- C:\_OTL
2010-05-02 12:47 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 12:47 . 2010-05-02 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 12:47 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 18:04 . 2010-04-30 18:04 -------- d-----w- c:\program files\Alwil Software
2010-04-30 18:04 . 2010-04-30 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-29 16:40 . 2010-04-29 16:40 388096 ----a-r- c:\documents and settings\Richard Alexander\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-29 16:39 . 2010-04-29 16:39 -------- d-----w- c:\program files\Trend Micro
2010-04-29 16:02 . 2010-04-29 16:02 -------- d-----w- c:\program files\CCleaner
2010-04-29 15:45 . 2010-04-29 15:45 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-29 15:45 . 2005-01-29 01:09 876649 ----a-w- c:\windows\system32\bcmwltry.exe
2010-04-29 15:45 . 2005-01-29 01:09 73728 ----a-w- c:\windows\system32\bcmwld2k.exe
2010-04-29 15:45 . 2005-01-29 01:09 696422 ----a-w- c:\windows\system32\wltray.exe
2010-04-29 15:45 . 2005-01-29 01:09 61440 ----a-w- c:\windows\system32\bcmwlhom.exe
2010-04-29 15:45 . 2005-01-29 01:09 188416 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-04-29 15:45 . 2005-01-19 10:01 827392 ----a-w- c:\windows\system32\AegisE2.dll
2010-04-29 15:45 . 2005-01-19 10:01 192512 ----a-w- c:\windows\system32\AegisI5.exe
2010-04-29 15:45 . 2005-01-19 10:01 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2010-04-29 15:45 . 2005-01-19 10:01 114688 ----a-w- c:\windows\system32\AegisI2.exe
2010-04-29 15:45 . 2005-01-19 10:01 81920 ----a-w- c:\windows\system32\wltrynt.dll
2010-04-29 15:45 . 2005-01-19 10:01 65536 ----a-w- c:\windows\system32\wltrysvc.exe
2010-04-29 15:44 . 2010-04-29 15:44 -------- d-----w- c:\program files\BT Voyager
2010-04-29 15:44 . 2005-01-19 10:01 27264 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2010-04-29 15:44 . 2005-01-19 10:01 172032 ----a-w- c:\windows\system32\BCMLogon.dll
2010-04-29 15:12 . 2010-04-29 15:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- c:\program files\AudioCommander
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- c:\program files\Common Files\Real
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- C:\DVDVideoSoft
2010-04-29 14:40 . 2010-04-29 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-29 12:08 . 2010-04-29 12:08 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Malwarebytes
2010-04-29 12:07 . 2010-04-29 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-26 22:16 . 2010-04-26 22:16 -------- d-----w- c:\program files\Flux
2010-04-26 22:15 . 2010-04-26 22:15 -------- d-----w- c:\program files\Nomad Factory Inc
2010-04-26 22:14 . 2010-04-26 22:14 -------- d-----w- c:\program files\Sonalksis
2010-04-26 22:14 . 2010-04-26 22:14 10553 ----a-w- c:\windows\unins000.dat
2010-04-17 13:57 . 2010-04-17 13:57 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\TightVNC
2010-04-17 13:55 . 2010-04-17 13:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-13 22:30 . 2010-04-13 22:30 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\AVG9
2010-04-13 20:50 . 2010-04-13 20:50 -------- d-----w- c:\program files\IK Multimedia
2010-04-11 18:43 . 2010-04-11 18:43 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Sibelius Software
2010-04-09 12:02 . 2010-04-09 12:03 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-06 18:27 . 2010-04-06 18:27 160373 ----a-w- c:\windows\MPEG-4 Booster Pack Uninstaller.exe
2010-04-06 18:17 . 2010-04-06 18:17 166361 ----a-w- c:\windows\Video Cleaner Pro Uninstaller.exe
2010-04-06 17:56 . 2010-04-06 17:56 -------- d-----w- c:\program files\WMV9_VCM
2010-04-06 12:48 . 2010-04-06 12:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 18:18 . 2010-04-05 18:18 -------- d-----w- c:\program files\iPod
2010-04-05 18:18 . 2010-04-05 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 18:18 . 2010-04-05 18:19 -------- d-----w- c:\program files\iTunes
2010-04-05 18:10 . 2010-04-05 18:10 -------- d-----w- c:\program files\Bonjour
2010-04-05 18:05 . 2010-04-05 18:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 17:59 . 2008-11-18 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-30 20:42 . 2009-11-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-29 20:48 . 2008-09-03 20:53 103680 -c--a-w- c:\documents and settings\Administrator.RICHARD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 15:44 . 2005-12-06 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 15:35 . 2007-06-09 16:26 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\GetRightToGo
2010-04-29 10:36 . 2007-06-09 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-27 23:33 . 2010-03-20 19:50 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Digidesign
2010-04-27 23:08 . 2009-03-10 18:53 192 -c--a-w- c:\windows\msocreg32.dat
2010-04-20 15:46 . 2008-08-31 12:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 21:53 . 2009-09-21 11:17 77348 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 19:56 . 2005-12-21 18:57 103680 -c--a-w- c:\documents and settings\Richard Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 19:43 . 2007-09-15 11:50 -------- d-----w- c:\program files\Windows Live
2010-04-15 23:14 . 2010-03-26 21:18 -------- d-----w- c:\program files\PSPaudioware
2010-04-15 23:13 . 2006-05-02 13:03 -------- d-----w- c:\program files\Sibelius Software
2010-04-12 14:13 . 2009-09-01 18:18 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Spotify
2010-04-10 12:41 . 2008-09-24 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\program files\Common Files\River Past
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\program files\River Past
2010-04-06 17:56 . 2010-02-25 19:32 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\River Past G5
2010-04-06 17:53 . 2008-03-30 11:56 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-06 17:52 . 2008-03-30 11:57 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\AVS4YOU
2010-04-06 12:47 . 2008-11-25 16:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-05 18:18 . 2008-08-09 21:02 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 18:15 . 2008-09-13 22:15 -------- d-----w- c:\program files\QuickTime
2010-03-28 22:32 . 2010-03-26 21:26 -------- d-----w- c:\program files\iZotope
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Waves Audio
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\program files\Waves
2010-03-26 22:03 . 2010-03-26 21:28 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\iZotope
2010-03-26 21:54 . 2010-03-26 21:54 -------- d-----w- c:\program files\Wave Arts
2010-03-26 21:45 . 2010-03-26 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\iZotope
2010-03-26 21:37 . 2010-03-26 21:37 6500352 ----a-w- c:\windows\system32\PSP VintageWarmer2.dll
2010-03-26 21:37 . 2010-03-26 21:37 6496256 ----a-w- c:\windows\system32\PSP VintageWarmer.dll
2010-03-26 21:27 . 2010-03-20 19:01 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\PACE Anti-Piracy
2010-03-26 21:27 . 2007-02-17 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-03-26 21:25 . 2010-03-26 21:25 6080000 ----a-w- c:\windows\system32\PSP oldTimer.dll
2010-03-26 21:18 . 2010-03-26 21:18 3175424 ----a-w- c:\windows\system32\PSP Nitro.dll
2010-03-20 19:43 . 2010-03-20 19:43 -------- d-----w- c:\program files\InterLok
2010-03-20 19:42 . 2010-03-20 19:41 -------- d-----w- c:\program files\Digidesign
2010-03-20 19:41 . 2010-03-20 19:41 -------- d-----w- c:\program files\Common Files\Digidesign
2010-03-16 14:23 . 2010-03-16 14:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 14:23 . 2008-08-31 12:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 14:23 . 2008-08-31 12:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2004-08-10 12:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-04-09 18:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 20:24 . 2010-03-10 20:15 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-03-09 11:09 . 2004-08-10 12:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 21:30 . 2010-03-06 21:30 -------- d-----w- c:\program files\Lavalys
2010-03-06 16:30 . 2005-12-21 19:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 16:26 . 2010-03-06 16:26 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-06 15:58 . 2007-12-03 17:17 -------- d-----w- c:\program files\HP
2010-03-06 15:58 . 2010-03-06 15:58 609792 -c--a-r- c:\documents and settings\Richard Alexander\Application Data\Microsoft\Installer\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}\Icon59991D183.exe
2010-03-06 15:57 . 2010-03-06 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-03-06 15:57 . 2010-03-06 15:57 -------- d-----w- c:\program files\TechSmith
2010-03-06 15:55 . 2010-02-15 15:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 19:32 . 2010-02-25 19:32 165073 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-02-24 13:11 . 2005-12-06 03:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 12:51 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03 . 2010-02-28 23:16 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 12:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 12:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-09 00:11 . 2009-08-09 00:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 00:30 . 2009-08-09 00:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"SetIcon"="c:\program files\Icons\SetIcon.exe" [2002-12-16 39936]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Richard Alexander\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=RDDV1053.DLL
"midi2"=RDDV1053.DLL
"wave5"=Digi32.dll
"MIDI10"=diomidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-05-11 22:38 1548288 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2009-05-11 22:39 1516032 ----a-w- c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Richard Alexander\\Desktop\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"4100:UDP"= 4100:UDP:uPNP Router Control Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [20/03/2010 20:43 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [28/09/2009 15:02 259176]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [31/07/2009 17:07 27488]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [29/08/2008 21:20 15872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/08/2008 13:10 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/08/2008 13:10 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16/03/2010 15:23 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 15:23 308064]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [20/03/2010 20:41 11776]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [07/04/2009 13:45 12416]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [23/09/2009 14:13 150528]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [30/12/2005 20:24 31872]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13:00 277504]
S2 gupdate1c99fe14b83cb5a;Google Update Service (gupdate1c99fe14b83cb5a);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 12:30 133104]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [20/11/2007 20:28 1171456]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [20/03/2010 20:41 109056]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [15/07/2007 16:41 465988]
S3 jatmlano;jatmlano;\??\c:\docume~1\RICHAR~1\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\RICHAR~1\LOCALS~1\Temp\jatmlano.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [20/03/2010 20:41 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [20/03/2010 20:41 15232]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [04/03/2008 18:47 19840]
S3 RDID1053;EDIROL PC-50;c:\windows\system32\drivers\RDWM1053.SYS [20/02/2006 22:13 59649]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-05-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 22:10]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 11:30]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 11:30]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\program files\PartyGaming\PartyBingo\RunBingo.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Richard Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKU-Default-Explorer_Run-{C06C25D5-0D3F-1033-0108-07050622002c} - c:\program files\Common Files\{C06C25D5-0D3F-1033-0108-07050622002c}\Update.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
AddRemove-Lexicon PSP42 1.4 - c:\progra~1\LEXICO~1\UNWISE.EXE
AddRemove-Mirage Driver_is1 - c:\program files\DemoForge\Mirage Driver\uninst\unins000.exe
AddRemove-PSP84 1.4 - c:\progra~1\PSP84~1\UNWISE.EXE
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Richard Alexander\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-{A0F43BC6-E685-49CB-BF91-851F62628343} - c:\documents and settings\Richard Alexander\Local Settings\Application Data\{A9609760-A609-46DE-893D-55E123A7086F}\setup_ac.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 17:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\RDDV1053.DLL

- - - - - - - > 'explorer.exe'(1068)
c:\windows\system32\WININET.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-04 17:47:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 16:47

Pre-Run: 211,215,597,568 bytes free
Post-Run: 211,051,655,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 44E428362DAEB534B0F702A479EAD6D6

Edited by Richardflea, 04 May 2010 - 11:58 AM.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:57 PM

Posted 04 May 2010 - 04:39 PM

Have you tried downloading the latest version of Firefox then installing it over your current copy?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Driver::
jatmlano
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • ESET report

Thanks


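As an added example (not from the thread, ComboFix, or any tool it mentions), here is a small Python triage of ComboFix-style service lines that surfaces the signals behind the CFScript above: a driver whose image lives under a user Temp directory and has no file date/size recorded. The sample lines are constructed in the log's own format (the jatmlano line is copied from the log), and the scoring thresholds and the CFScript renderer are my own assumptions, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the ComboFix service/driver line format seen in the thread:
# "<start type> <service name>;<display name>;<image path> [<date> <time> <size>]".
# The jatmlano line is copied from the log above; the others are benign entries from it.
SAMPLE_LOG = r"""
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [28/09/2009 15:02 259176]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/08/2008 13:10 242896]
S3 jatmlano;jatmlano;\??\c:\docume~1\RICHAR~1\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\RICHAR~1\LOCALS~1\Temp\jatmlano.sys [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [04/03/2008 18:47 19840]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
NT_PREFIX = "\\??\\"  # object-manager prefix some ImagePath values carry


@dataclass
class ServiceEntry:
    start: str     # R0/R1/R2/S3 ... (ComboFix's start-type tag)
    name: str      # service/driver key name
    display: str   # display name
    path: str      # resolved image path, lower-cased
    meta: str      # "<date> <time> <size>" or "?" when nothing could be read


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # ComboFix prints "<registry ImagePath> --> <resolved path>"; keep the resolved one.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return ServiceEntry(m.group("start"), m.group("name"),
                        m.group("display"), path.lower(), m.group("meta"))


def suspicious_reasons(e: ServiceEntry) -> List[str]:
    """Weighted signals (weights are an assumption of this example)."""
    reasons = []
    if any(tag in e.path for tag in ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")):
        reasons.append("2: image under a user profile/Temp path, not system32\\drivers")
    if e.meta.strip() == "?":
        reasons.append("2: no file date/size recorded (file missing or unreadable at scan time)")
    if e.display.strip().lower() == e.name.strip().lower():
        # Weak on its own: legitimate drivers such as MBX2DFU also do this.
        reasons.append("1: display name is just the service name")
    return reasons


def triage(log_text: str, threshold: int = 2) -> Dict[str, List[str]]:
    """Return {service name: reasons} for entries whose summed weight meets the threshold."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        score = sum(int(r.split(":", 1)[0]) for r in reasons)
        if score >= threshold:
            findings[e.name] = reasons
    return findings


def build_cfscript(driver_names: List[str], reset_av_override: bool = False) -> str:
    """Render a CFScript in the shape used in the thread (Driver:: plus optional Registry::)."""
    lines = ["Driver::", *driver_names]
    if reset_av_override:
        lines += ["Registry::",
                  "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]",
                  '"AntiVirusOverride"=dword:00000000']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, why in hits.items():
        print(name, "->", "; ".join(why))
    print(build_cfscript(list(hits), reset_av_override=True))
```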

#9 Richardflea

Richardflea
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Markinch, Fife, UK
  • Local time:12:57 PM

Posted 05 May 2010 - 01:12 PM

I managed to get Firefox running again and Google is still working well.
I noticed that after the first ComboFix run, a lot of old icons appeared on the desktop for programs that were deleted a long long time ago; are these icons safe to delete?

Combofix.txt

ComboFix 10-05-04.06 - Richard Alexander 05/05/2010 16:50:05.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.446 [GMT 1:00]
Running from: c:\documents and settings\Richard Alexander\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard Alexander\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JATMLANO
-------\Service_jatmlano


((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-03 19:27 . 2010-05-03 19:27 -------- d-----w- C:\_OTL
2010-05-02 12:47 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 12:47 . 2010-05-02 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 12:47 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 18:04 . 2010-04-30 18:04 -------- d-----w- c:\program files\Alwil Software
2010-04-30 18:04 . 2010-04-30 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-29 16:40 . 2010-04-29 16:40 388096 ----a-r- c:\documents and settings\Richard Alexander\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-29 16:39 . 2010-04-29 16:39 -------- d-----w- c:\program files\Trend Micro
2010-04-29 16:02 . 2010-04-29 16:02 -------- d-----w- c:\program files\CCleaner
2010-04-29 15:45 . 2010-04-29 15:45 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-29 15:45 . 2005-01-29 01:09 876649 ----a-w- c:\windows\system32\bcmwltry.exe
2010-04-29 15:45 . 2005-01-29 01:09 73728 ----a-w- c:\windows\system32\bcmwld2k.exe
2010-04-29 15:45 . 2005-01-29 01:09 696422 ----a-w- c:\windows\system32\wltray.exe
2010-04-29 15:45 . 2005-01-29 01:09 61440 ----a-w- c:\windows\system32\bcmwlhom.exe
2010-04-29 15:45 . 2005-01-29 01:09 188416 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-04-29 15:45 . 2005-01-19 10:01 827392 ----a-w- c:\windows\system32\AegisE2.dll
2010-04-29 15:45 . 2005-01-19 10:01 192512 ----a-w- c:\windows\system32\AegisI5.exe
2010-04-29 15:45 . 2005-01-19 10:01 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2010-04-29 15:45 . 2005-01-19 10:01 114688 ----a-w- c:\windows\system32\AegisI2.exe
2010-04-29 15:45 . 2005-01-19 10:01 81920 ----a-w- c:\windows\system32\wltrynt.dll
2010-04-29 15:45 . 2005-01-19 10:01 65536 ----a-w- c:\windows\system32\wltrysvc.exe
2010-04-29 15:44 . 2010-04-29 15:44 -------- d-----w- c:\program files\BT Voyager
2010-04-29 15:44 . 2005-01-19 10:01 27264 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2010-04-29 15:44 . 2005-01-19 10:01 172032 ----a-w- c:\windows\system32\BCMLogon.dll
2010-04-29 15:12 . 2010-04-29 15:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- c:\program files\AudioCommander
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- c:\program files\Common Files\Real
2010-04-29 15:10 . 2010-04-29 15:10 -------- d-----w- C:\DVDVideoSoft
2010-04-29 14:40 . 2010-04-29 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-29 12:08 . 2010-04-29 12:08 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Malwarebytes
2010-04-29 12:07 . 2010-04-29 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-26 22:16 . 2010-04-26 22:16 -------- d-----w- c:\program files\Flux
2010-04-26 22:15 . 2010-04-26 22:15 -------- d-----w- c:\program files\Nomad Factory Inc
2010-04-26 22:14 . 2010-04-26 22:14 -------- d-----w- c:\program files\Sonalksis
2010-04-26 22:14 . 2010-04-26 22:14 10553 ----a-w- c:\windows\unins000.dat
2010-04-17 13:57 . 2010-04-17 13:57 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\TightVNC
2010-04-17 13:55 . 2010-04-17 13:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-13 22:30 . 2010-04-13 22:30 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\AVG9
2010-04-13 20:50 . 2010-04-13 20:50 -------- d-----w- c:\program files\IK Multimedia
2010-04-11 18:43 . 2010-04-11 18:43 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Sibelius Software
2010-04-09 12:02 . 2010-04-09 12:03 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-06 18:27 . 2010-04-06 18:27 160373 ----a-w- c:\windows\MPEG-4 Booster Pack Uninstaller.exe
2010-04-06 18:17 . 2010-04-06 18:17 166361 ----a-w- c:\windows\Video Cleaner Pro Uninstaller.exe
2010-04-06 17:56 . 2010-04-06 17:56 -------- d-----w- c:\program files\WMV9_VCM
2010-04-06 12:48 . 2010-04-06 12:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 18:18 . 2010-04-05 18:18 -------- d-----w- c:\program files\iPod
2010-04-05 18:18 . 2010-04-05 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 18:18 . 2010-04-05 18:19 -------- d-----w- c:\program files\iTunes
2010-04-05 18:10 . 2010-04-05 18:10 -------- d-----w- c:\program files\Bonjour
2010-04-05 18:05 . 2010-04-05 18:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 15:35 . 2008-11-18 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-30 20:42 . 2009-11-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-29 20:48 . 2008-09-03 20:53 103680 -c--a-w- c:\documents and settings\Administrator.RICHARD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 15:44 . 2005-12-06 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 15:35 . 2007-06-09 16:26 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\GetRightToGo
2010-04-29 10:36 . 2007-06-09 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-27 23:33 . 2010-03-20 19:50 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Digidesign
2010-04-27 23:08 . 2009-03-10 18:53 192 -c--a-w- c:\windows\msocreg32.dat
2010-04-20 15:46 . 2008-08-31 12:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 21:53 . 2009-09-21 11:17 77348 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 19:56 . 2005-12-21 18:57 103680 -c--a-w- c:\documents and settings\Richard Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 19:43 . 2007-09-15 11:50 -------- d-----w- c:\program files\Windows Live
2010-04-15 23:14 . 2010-03-26 21:18 -------- d-----w- c:\program files\PSPaudioware
2010-04-15 23:13 . 2006-05-02 13:03 -------- d-----w- c:\program files\Sibelius Software
2010-04-12 14:13 . 2009-09-01 18:18 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Spotify
2010-04-10 12:41 . 2008-09-24 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\program files\Common Files\River Past
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2010-04-06 18:27 . 2010-02-25 19:32 -------- d-----w- c:\program files\River Past
2010-04-06 17:56 . 2010-02-25 19:32 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\River Past G5
2010-04-06 17:53 . 2008-03-30 11:56 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-06 17:52 . 2008-03-30 11:57 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\AVS4YOU
2010-04-06 12:47 . 2008-11-25 16:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-05 18:18 . 2008-08-09 21:02 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 18:15 . 2008-09-13 22:15 -------- d-----w- c:\program files\QuickTime
2010-03-28 22:32 . 2010-03-26 21:26 -------- d-----w- c:\program files\iZotope
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\Waves Audio
2010-03-28 21:29 . 2010-03-28 21:29 -------- d-----w- c:\program files\Waves
2010-03-26 22:03 . 2010-03-26 21:28 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\iZotope
2010-03-26 21:54 . 2010-03-26 21:54 -------- d-----w- c:\program files\Wave Arts
2010-03-26 21:45 . 2010-03-26 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\iZotope
2010-03-26 21:37 . 2010-03-26 21:37 6500352 ----a-w- c:\windows\system32\PSP VintageWarmer2.dll
2010-03-26 21:37 . 2010-03-26 21:37 6496256 ----a-w- c:\windows\system32\PSP VintageWarmer.dll
2010-03-26 21:27 . 2010-03-20 19:01 -------- d-----w- c:\documents and settings\Richard Alexander\Application Data\PACE Anti-Piracy
2010-03-26 21:27 . 2007-02-17 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-03-26 21:25 . 2010-03-26 21:25 6080000 ----a-w- c:\windows\system32\PSP oldTimer.dll
2010-03-26 21:18 . 2010-03-26 21:18 3175424 ----a-w- c:\windows\system32\PSP Nitro.dll
2010-03-20 19:43 . 2010-03-20 19:43 -------- d-----w- c:\program files\InterLok
2010-03-20 19:42 . 2010-03-20 19:41 -------- d-----w- c:\program files\Digidesign
2010-03-20 19:41 . 2010-03-20 19:41 -------- d-----w- c:\program files\Common Files\Digidesign
2010-03-16 14:23 . 2010-03-16 14:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 14:23 . 2008-08-31 12:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 14:23 . 2008-08-31 12:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2004-08-10 12:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-04-09 18:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 20:24 . 2010-03-10 20:15 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-03-09 11:09 . 2004-08-10 12:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 21:30 . 2010-03-06 21:30 -------- d-----w- c:\program files\Lavalys
2010-03-06 16:30 . 2005-12-21 19:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 16:26 . 2010-03-06 16:26 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-06 15:58 . 2010-03-06 15:58 609792 -c--a-r- c:\documents and settings\Richard Alexander\Application Data\Microsoft\Installer\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}\Icon59991D183.exe
2010-02-25 19:32 . 2010-02-25 19:32 165073 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-02-24 13:11 . 2005-12-06 03:49 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 12:51 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:03 . 2010-02-28 23:16 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 12:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 12:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"SetIcon"="c:\program files\Icons\SetIcon.exe" [2002-12-16 39936]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Richard Alexander\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=RDDV1053.DLL
"midi2"=RDDV1053.DLL
"wave5"=Digi32.dll
"MIDI10"=diomidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-05-11 22:38 1548288 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2009-05-11 22:39 1516032 ----a-w- c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Richard Alexander\\Desktop\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"4100:UDP"= 4100:UDP:uPNP Router Control Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [20/03/2010 20:43 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [28/09/2009 15:02 259176]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [31/07/2009 17:07 27488]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [29/08/2008 21:20 15872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/08/2008 13:10 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/08/2008 13:10 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16/03/2010 15:23 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/03/2010 15:23 308064]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [20/03/2010 20:41 11776]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [07/04/2009 13:45 12416]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [23/09/2009 14:13 150528]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [30/12/2005 20:24 31872]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13:00 277504]
S2 gupdate1c99fe14b83cb5a;Google Update Service (gupdate1c99fe14b83cb5a);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 12:30 133104]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [20/11/2007 20:28 1171456]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [20/03/2010 20:41 109056]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [15/07/2007 16:41 465988]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [20/03/2010 20:41 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [20/03/2010 20:41 15232]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [04/03/2008 18:47 19840]
S3 RDID1053;EDIROL PC-50;c:\windows\system32\drivers\RDWM1053.SYS [20/02/2006 22:13 59649]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-05-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 22:10]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 11:30]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 11:30]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\program files\PartyGaming\PartyBingo\RunBingo.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Richard Alexander\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Richard Alexander\Application Data\Mozilla\Firefox\Profiles\zjyvc46x.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 16:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\RDDV1053.DLL

- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-05-05 17:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 16:04
ComboFix2.txt 2010-05-04 16:47

Pre-Run: 210,953,097,216 bytes free
Post-Run: 210,915,344,384 bytes free

- - End Of File - - 59163D4BE4C0DD171CBA33804B3C6427


ESET report

C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000750.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\WINDOWS\Motive\btbb\UninstallHelper.exe probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:57 PM

Posted 05 May 2010 - 06:14 PM

QUOTE
a lot of old icons appeared on the desktop for programs that were deleted a long long time ago; are these icons safe to delete?


I have no idea why they have turned up, I would think it's fine to delete them. Your logs are looking fine to me now.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer
is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does
not block outbound connections. So if Malware manages to get onto your computer it will be able to send data out when
it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra layer of
protection. You should update and scan with it as you would with your Anti Virus. Most Anti Spyware programs don't
have active protection, unless you have a paid version, so in that case you can have more than one installed for
scanning purposes; but you also don't want to bloat your computer with these programs, so I would recommend having
no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically mean that
what you are doing will not make permanent changes to your system, unless you allow it to. So you can be surfing
the web inside Sandboxie, then if you happen to stumble upon a bad site and get infected, you can simply delete the
Sandbox and all is gone. Having said that, it cannot be considered 100% secure as no program can be, but it can be
a great help and is an excellent program. You can find a download link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install Firefox and
install some addons that will make the browser even safer. You can download the latest version of Firefox here; if
you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler


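The hosts-file advice in syler's post works because a blocklist such as the MVPS HOSTS file maps unwanted hostnames to a sink address that goes nowhere, whereas the search redirects that started this thread are the opposite pattern: a real site mapped to an address the user never chose. The audit script below is an added example, not code from syler's post, from BleepingComputer or from the MVPS project. The sink address set, the watched-domain list and the sample hosts text are constructed assumptions for the demonstration; the script separates blocking entries from overrides and reports any override of a watched domain.

```python
"""Audit a Windows HOSTS file: blocklist entries vs. suspicious overrides.

A blocklist such as the MVPS HOSTS file maps unwanted hostnames to a sink
address (0.0.0.0 or 127.0.0.1), so the browser never reaches the ad or
tracking server. The opposite pattern, a well-known site mapped to some
external address, silently sends traffic elsewhere, so an audit that
separates the two kinds of entry is a quick sanity check on a machine
that has been redirecting searches.
"""
import ipaddress

# Addresses a blocklist legitimately points hostnames at (assumed set).
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Hypothetical watch-list: domains nobody expects a hosts file to override.
WATCHED_DOMAINS = ("google.com", "bing.com", "microsoft.com", "avg.com")

# Constructed sample in the layout of C:\WINDOWS\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.net          # MVPS-style blocking entry
0.0.0.0         tracker.example.org
# a search site pointed at a non-local address (the redirect pattern)
198.51.100.7    www.google.com
203.0.113.9     cdn.example.com          # override, but not a watched domain
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:                    # one line may list several hosts
            yield line_no, ip, name.lower()


def classify(ip):
    """'blocking' for sink addresses, 'override' for real ones, else 'invalid'."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    return "blocking" if ip in SINK_ADDRESSES else "override"


def is_watched(hostname):
    """True when hostname is, or is a subdomain of, a watched domain."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Count entries by kind and list overrides of watched domains."""
    report = {"blocking": 0, "override": 0, "invalid": 0, "suspicious": []}
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip)
        report[kind] += 1
        if kind == "override" and is_watched(name):
            report["suspicious"].append((line_no, name, ip))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print({k: v for k, v in result.items() if k != "suspicious"})
    for line_no, name, ip in result["suspicious"]:
        print(f"line {line_no}: {name} is overridden to {ip}")
```

To run it against a real machine, read the contents of the hosts file into `audit_hosts` instead of `SAMPLE_HOSTS`; a large blocklist will show thousands of `blocking` entries and ideally zero `suspicious` ones. The watched-domain check deliberately matches only the exact domain or its subdomains, so a name like `notgoogle.com` is not reported.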


#11 Richardflea

Richardflea
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Markinch, Fife, UK
  • Local time:12:57 PM

Posted 06 May 2010 - 07:43 AM

Hey! Thanks for all your help.

Everything is working well and I'm so glad!

Thanks again for your help!

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:57 PM

Posted 06 May 2010 - 07:56 AM

You're very welcome



#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:57 PM

Posted 07 May 2010 - 06:54 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





