Trojan BHO - can't get rid of it using McAfee and MalwareBytes


23 replies to this topic

#1 ragy

ragy

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 18 February 2011 - 02:47 PM

Hi,

I've had an ongoing problem with Trojan BHO for a couple of days. Even after full system scans (McAfee and MalwareBytes), and running Malwarebytes in safe mode to delete them, they always come back on restarting Internet Explorer (version 7).

I've read other entries on the forum that mention running e.g. HijackThis, but then I am not clear from the logfile it produces which of the entries to fix, and I don't want to mess up.


First here's the McAfee AccessLogProtection.log that gets written when IE is started.
18/02/2011 16:52:12 Blocked by Access Protection rule GARY-62E2F3DD7D\Gary C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Temp\msfat32 Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute



Then here is the mbam logfile:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5799

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

18/02/2011 18:42:21
mbam-log-2011-02-18 (18-42-21).txt

Scan type: Quick scan
Objects scanned: 220809
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




And then thirdly here is the HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 18:52:14, on 18/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files\SgKpSSOBtí°´Ëidyulfya.exe\idyulfya.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [raidhost.exe] raidhost.exe
O4 - HKLM\..\Run: [btbb_UninstallTracking] C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\IHU9E.tmp.exe /uninstalltrackingvendor=btbb
O4 - HKLM\..\Run: [Dell QuickSet] C:\program files\dell\quickset\quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.6.2\TeaTimer.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {f504ad27-473d-4233-addc-d7626797c24e} - C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\msfat32.
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: EFS - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2.2 - Unknown owner - C:\xampplite\apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca40d9c7581580) (gupdate1ca40d9c7581580) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe" --defaults-file="c:\xampp\mysql\bin\my.ini" MySQL (file missing)
O23 - Service: MySQL50 - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL50 (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Seagate Sync Service - Unknown owner - C:\Program Files\Seagate\Sync\SeaSyncServices.exe (file missing)
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Please note, re: entry
F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files\SgKpSSOBtí°´Ëidyulfya.exe\idyulfya.exe,
I earlier today deleted the C:\Program Files\SgKpSSOBtí°´Ëidyulfya.exe\idyulfya.exe. But I'm guessing this registry entry needs sorting too?

Also the entry
O18 - Filter: text/html - {f504ad27-473d-4233-addc-d7626797c24e} - C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\msfat32
seems to refer to the McAfee AccessProtection.Log file entry which is thrown when the trojan becomes active on starting IE, but again I don't know whether I should delete / fix this entry?



Advice needed on these / sorting the Trojan BHO. Thanks.

Edited by hamluis, 18 February 2011 - 02:57 PM.
Moved from XP forum to Malware Removal Logs.
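As an added illustration of how an analyst reads logs like the ones posted above (this is example code written for this page, not anything ragy, Malwarebytes or HijackThis ship), the script below pulls the CLSIDs Malwarebytes quarantined out of the mbam log, then walks the HijackThis entries and flags the loading points worth a second look: a UserInit value that chain-loads anything besides userinit.exe, any entry that loads from a Temp directory, BHO registrations with no DLL behind them, and any CLSID the earlier scan already classified. The embedded log excerpts are copied from the post; the triage rules and all function names are my own assumptions about what a reviewer wants surfaced, and a hit is a lead for review, not a verdict.

```python
import re

# Constructed sample input: excerpts copied from the Malwarebytes and HijackThis
# logs quoted in the post above, trimmed to the lines the triage rules act on.
MBAM_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)
"""

HJT_LOG = r"""F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files\SgKpSSOBtí°´Ëidyulfya.exe\idyulfya.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O4 - HKLM\..\Run: [btbb_UninstallTracking] C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\IHU9E.tmp.exe /uninstalltrackingvendor=btbb
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O18 - Filter: text/html - {f504ad27-473d-4233-addc-d7626797c24e} - C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\msfat32.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
HJT_LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def mbam_detected_clsids(log_text):
    """CLSIDs Malwarebytes reported as quarantined, normalised to upper case."""
    found = set()
    for line in log_text.splitlines():
        if "->" in line and "Quarantined" in line:
            match = GUID_RE.search(line)
            if match:
                found.add(match.group(0).upper())
    return found


def parse_hjt(log_text):
    """Split a HijackThis log into (section, body) pairs, e.g. ('O2', 'BHO: ...')."""
    entries = []
    for line in log_text.splitlines():
        match = HJT_LINE_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage_hjt(entries, known_bad_clsids=frozenset()):
    """Return (section, reason, entry) findings that deserve a closer look.

    Heuristics only (my assumptions): a hit is a lead for review, not a verdict.
    """
    findings = []
    for section, body in entries:
        # F2: anything chain-loaded after userinit.exe runs at every logon.
        if section == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1]
            extra = [p.strip() for p in value.split(",")
                     if p.strip() and p.strip().lower() != "userinit.exe"]
            if extra:
                findings.append((section, "UserInit chain-loads: " + "; ".join(extra), body))
        # Any loading point (Run key, BHO, MIME filter) living in a Temp directory.
        if TEMP_RE.search(body):
            findings.append((section, "loads from a Temp directory", body))
        # Entries whose CLSID a previous scanner already classified as malicious.
        match = GUID_RE.search(body)
        if match and match.group(0).upper() in known_bad_clsids:
            findings.append((section, "CLSID previously detected by Malwarebytes", body))
        # BHO registrations whose DLL is gone: leftovers that should be tidied.
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, "orphan BHO registration (no file)", body))
    return findings


if __name__ == "__main__":
    bad = mbam_detected_clsids(MBAM_LOG)
    for section, reason, entry in triage_hjt(parse_hjt(HJT_LOG), bad):
        print(f"[{section}] {reason}\n    {entry}")
```

Run against the excerpts, it reports the F2 UserInit chain-load, the two Temp-based loading points (the btbb Run entry and the text/html filter), and the two orphan BHOs, while the CLSID cross-check comes back empty: neither BHO CLSID Malwarebytes quarantined is re-registered in the HijackThis list, so what the script is left pointing at are the loaders that run before IE starts, which is the part a BHO-only clean-up does not touch.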




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:53 PM

Posted 18 February 2011 - 03:41 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#3 ragy

ragy
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 18 February 2011 - 08:33 PM

Hi Noviciate, thanks for the advice re: Combofix. I've followed the instructions and the report is below.
Also I've just run IE and it didn't produce the error detection in McAfee as before - which is good. Maybe I'm clear, I'm not sure; but it would be good to hear your advice from the ComboFix lo... Gary



ComboFix 11-02-15.04 - Gary 19/02/2011 1:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3062.2513 [GMT 0:00]
Running from: c:\documents and settings\Gary.GARY-62E2F3DD7D\My Documents\My PC\PC maintenance and admin programmes\take care\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gary.GARY-62E2F3DD7D\AdvBHO.dll
c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\desktop.ini
c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\xssend2
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Shared
c:\windows\system32\ccrpTmr6.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-18 17:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-18 13:09 . 2011-02-18 14:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\bDhFaPi17600
2011-02-12 12:28 . 2011-02-12 12:28 -------- d-----w- c:\program files\Common Files\Skype
2011-01-31 14:17 . 2011-02-19 00:35 -------- d-----w- c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox
2011-01-28 11:56 . 2011-01-28 11:56 -------- d-----w- c:\program files\IrfanView
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-16 12:20 . 2004-08-04 10:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 10:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 18:09 . 2010-09-14 12:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-09-14 12:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy 1.6.2\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"Dell QuickSet"="c:\program files\dell\quickset\quickset.exe" [2006-06-29 1032192]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-22 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Gary.GARY-62E2F3DD7D\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe [2011-2-18 23355096]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 113664]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-5-17 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2008-06-18 12:47 24692 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 16:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
"c:\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\JetBrains\\IntelliJ IDEA 7.0.5\\bin\\idea.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_22\\bin\\java.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Gary.GARY-62E2F3DD7D\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"1284:TCP"= 1284:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 10:00 14336]
R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [02/02/2010 12:41 29416]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [18/06/2008 12:46 47504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 13:35 181544]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [18/06/2008 12:46 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [18/06/2008 12:46 673872]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [14/09/2008 10:20 36480]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [18/06/2008 12:46 2235760]
S2 gupdate1ca40d9c7581580;Google Update Service (gupdate1ca40d9c7581580);c:\program files\Google\Update\GoogleUpdate.exe [29/09/2009 07:52 133104]
S2 MySQL50;MySQL50;c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe [18/01/2008 16:57 5750784]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
S3 6df38736-7f58-4785-bdae-c76ecbb8a713;6df38736-7f58-4785-bdae-c76ecbb8a713;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 07:18 24216]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [01/07/2010 15:19 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-05-24 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-24 08:06]

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-29 07:52]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-29 07:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: motive.com\pbttbc.bt
FF - ProfilePath - c:\documents and settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Identity Cloaker extension: identity-cloaker@identitycloaker.com - c:\identity cloaker\Firefox Extension
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-raidhost.exe - raidhost.exe
HKU-Default-Run-Network Packet Monitor - c:\windows\system32\packet.exe
Notify-EFS - (no file)
SafeBoot-klmdb.sys
AddRemove-HijackThis - c:\documents and settings\Gary.GARY-62E2F3DD7D\Desktop\PC maintenance and admin programmes\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 01:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-19 01:16:39
ComboFix-quarantined-files.txt 2011-02-19 01:16

Pre-Run: 4,599,926,784 bytes free
Post-Run: 5,465,976,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 102B7AF93E5C42C9834FFAC6219AE2D0

#4 Noviciate (Malware Response Team)

Posted 19 February 2011 - 03:23 PM

Good evening. :)

I'd like you to run the PC for a day or two, throwing in at least one reboot, and then work through the following:

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you UNCHECK the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow steps 6, 7 and 8 here and post accordingly into this thread.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let me know how the PC is behaving.

So long, and thanks for all the fish.

#5 ragy (Topic Starter)

Posted 21 February 2011 - 01:56 PM

I have just tried downloading ESET Online Scanner in IE, but my McAfee blocks the install with:

21/02/2011 18:51:10 Blocked by Access Protection rule GARY-62E2F3DD7D\Gary C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Temp\ICD1.tmp\ESETSmartInstaller.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

I am trying Firefox instead.
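Added example (my own code, not anything posted in this thread and not a McAfee tool): a parser for VirusScan Enterprise Access Protection entries like the two quoted so far, plus the two checks a responder would run over a few days of them. It assumes the tab-separated layout VSE uses for AccessProtectionLog.txt (date, time, message, user, process, target, rule, action) and falls back to a regex for lines whose tabs have been collapsed to spaces, which is what happened when the entries were pasted into the forum. The sample lines are constructed: two reproduce the quoted entries and a third is an invented repeat of the msfat32 block on a later IE start. What it shows is that the same path-based rule fires on two very different things: a downloaded installer unpacking into a .tmp subfolder and running a named .exe, which is normal installer behaviour, and an extensionless file that iexplore.exe itself tries to execute out of %TEMP%, and that the second one recurring across IE launches means the execution was blocked but whatever re-drops the file is still present.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, not the poster's real AccessProtectionLog.txt. Assumption: VSE writes
# the log tab-separated (date, time, message, user, process, target, rule, action) and the
# forum paste collapsed those tabs to spaces. Lines 1 and 3 reproduce the two entries quoted
# in the thread (line 3 deliberately left space-collapsed); line 2 is an invented repeat of
# the msfat32 block on the next IE start.
SAMPLE_LOG = "\n".join([
    "18/02/2011\t16:52:12\tBlocked by Access Protection rule\tGARY-62E2F3DD7D\\Gary\t"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe\t"
    "C:\\Documents and Settings\\Gary.GARY-62E2F3DD7D\\Local Settings\\Temp\\msfat32\t"
    "Common Standard Protection:Prevent common programs from running files from the Temp folder\t"
    "Action blocked : Execute",
    "19/02/2011\t09:03:41\tBlocked by Access Protection rule\tGARY-62E2F3DD7D\\Gary\t"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe\t"
    "C:\\Documents and Settings\\Gary.GARY-62E2F3DD7D\\Local Settings\\Temp\\msfat32\t"
    "Common Standard Protection:Prevent common programs from running files from the Temp folder\t"
    "Action blocked : Execute",
    "21/02/2011 18:51:10 Blocked by Access Protection rule GARY-62E2F3DD7D\\Gary "
    "C:\\Program Files\\Internet Explorer\\iexplore.exe "
    "C:\\Documents and Settings\\Gary.GARY-62E2F3DD7D\\Local Settings\\Temp\\ICD1.tmp\\ESETSmartInstaller.exe "
    "Common Standard Protection:Prevent common programs from running files from the Temp folder "
    "Action blocked : Execute",
])

@dataclass(frozen=True)
class ApEvent:
    date: str
    time: str
    user: str
    process: str  # program that attempted the action
    target: str   # file it was stopped from touching
    rule: str     # "Category:Rule name"
    action: str   # Execute, Create, Write, ...

# Fallback for space-collapsed lines: the process path ends at the first ".exe", the rule
# starts at the first "Words Words:" token after the target, and the line ends with the action.
_COLLAPSED = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"Blocked by Access Protection rule (?P<user>\S+) "
    r"(?P<process>[A-Za-z]:\\.+?\.exe) "
    r"(?P<target>[A-Za-z]:\\.+?) "
    r"(?P<rule>[A-Za-z][A-Za-z -]*:[^:]+?) "
    r"Action blocked : (?P<action>\w+)\s*$"
)

def parse_line(line: str) -> Optional[ApEvent]:
    """Tab layout first (what VSE writes), regex fallback for pasted/collapsed lines."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) == 8 and fields[2].startswith("Blocked by Access Protection rule"):
        date, time, _, user, process, target, rule, action = fields
        return ApEvent(date, time, user, process, target, rule, action.split(":")[-1].strip())
    m = _COLLAPSED.match(line)
    if m is None:
        return None
    return ApEvent(m["date"], m["time"], m["user"], m["process"], m["target"], m["rule"], m["action"])

def parse_log(text: str) -> List[ApEvent]:
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev is not None]

TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

def in_temp_dir(path: str) -> bool:
    return any(marker in path.lower() for marker in TEMP_MARKERS)

def looks_like_dropped_loader(ev: ApEvent) -> bool:
    """An extensionless file executed straight out of a Temp directory. Installers unpack
    into a .tmp subfolder and run a named .exe; a bare 'msfat32' is not that."""
    name = ev.target.rsplit("\\", 1)[-1]
    return ev.action == "Execute" and in_temp_dir(ev.target) and "." not in name

def recurring_blocks(events: List[ApEvent], min_hits: int = 2) -> Dict[Tuple[str, str], int]:
    """(process, target) pairs blocked min_hits+ times: the blocked file keeps coming back,
    so whatever writes it is still on the machine even though execution was stopped."""
    counts = Counter((ev.process, ev.target) for ev in events if in_temp_dir(ev.target))
    return {key: n for key, n in counts.items() if n >= min_hits}

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ev in events:
        tag = "SUSPECT" if looks_like_dropped_loader(ev) else "review "
        print(f"{ev.date} {ev.time} {tag} {ev.action:8} {ev.target}")
    for (proc, target), n in recurring_blocks(events).items():
        print(f"recurring x{n}: {proc} -> {target}")
```

Run it against a real AccessProtectionLog.txt by replacing SAMPLE_LOG with the file's contents; the recurrence check is the useful one over a longer window, since a one-off block of an installer is noise and a block of the same nameless file on every browser start is the thing to chase.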

#6 Noviciate (Malware Response Team)

Posted 21 February 2011 - 03:44 PM

Okey Dokey, let me know how you get on.

So long, and thanks for all the fish.

#7 ragy (Topic Starter)

Posted 21 February 2011 - 06:33 PM

ESET Online Scanner: No threats found. Scanned files: 267975. Infected files: 0. Cleaned files: 0. Total scan time 02:47:03.

Just to add, PC seems to be working ok. Only difference on start up is before Windows kicks in, it temporarily flashes up screen (black background, white text) with I think "Please select operating system to start" with options "Windows Recovery Mode" and "Windows XP", but it quickly / automatically goes into XP start up.

Otherwise all normal.

I will get with "Follow steps 6, 7 and 8 here and post accordingly into this thread." tomorrow / Tuesday.

#8 ragy (Topic Starter)

Posted 22 February 2011 - 07:53 AM

Hi,

I've followed the rest of the instructions. And have attached the log files for DDS, Attach and Ark (GMER)

In summary:

1) Defogger did not find anything. It just ran and returned to the popup window. I have not as yet re-enabled CD Emulation. Please let me know when I can (I presume I just re-run DeFogger?).

2) DDS ran ok, log files attached.

3) Ran GMER; just to say I got a Blue Screen of Death during the scan. On restart I noticed that I had no internet connection. I think the modem 'went'. I had to restart the modem. I can add that I have to restart the modem and/or usually just the router generally every day (rented accommodation, rented TV/internet equipment).

On restart of modem, all okay and I ran GMER ok - log file attached.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Gary at 11:57:48.93 on 22/02/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3062.2216 [GMT 0:00]

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\xampplite\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\xampplite\apache\bin\httpd.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Logi_MwX.Exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy 1.6.2\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: {2ED2390A-E6F6-F895-FE75-013E2D97184A} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No File
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy 1.6.2\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gary~1.gar\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gary.gary-62e2f3dd7d\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: motive.com\pbttbc.bt
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://extranet.informa.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://extranet.informa.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gary~1.gar\applic~1\mozilla\firefox\profiles\2apk8zzc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Identity Cloaker extension: identity-cloaker@identitycloaker.com - c:\identity cloaker\Firefox Extension

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-22 31816]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2010-2-2 29416]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-6-18 47504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-9-15 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-22 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-22 54608]
R2 MySQL50;MySQL50;c:\program files\mysql\mysql server 5.0\bin\mysqld-nt.exe [2008-1-18 5750784]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-6-18 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-6-18 673872]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [2008-9-14 36480]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-6-18 2235760]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-9-15 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-9-15 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-9-15 174952]
S2 gupdate1ca40d9c7581580;Google Update Service (gupdate1ca40d9c7581580);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\seagate\sync\seasyncservices.exe" --> c:\program files\seagate\sync\SeaSyncServices.exe [?]
S3 6df38736-7f58-4785-bdae-c76ecbb8a713;6df38736-7f58-4785-bdae-c76ecbb8a713;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 Tomcat5;Apache Tomcat;c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe [2010-7-1 61440]

=============== Created Last 30 ================

2011-02-21 18:54:11 -------- d-----w- c:\program files\ESET
2011-02-19 00:49:43 -------- d-sha-r- C:\cmdcons
2011-02-19 00:44:51 98816 ----a-w- c:\windows\sed.exe
2011-02-19 00:44:51 89088 ----a-w- c:\windows\MBR.exe
2011-02-19 00:44:51 256512 ----a-w- c:\windows\PEV.exe
2011-02-19 00:44:51 161792 ----a-w- c:\windows\SWREG.exe
2011-02-18 17:28:49 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-18 13:09:18 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\bDhFaPi17600
2011-01-31 14:17:53 -------- d-----w- c:\docume~1\gary~1.gar\applic~1\Dropbox
2011-01-28 11:56:08 -------- d-----w- c:\program files\IrfanView

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 11:59:33.70 ===============

Edited by Noviciate, 22 February 2011 - 02:31 PM.
Added DDS.


#9 Noviciate (Malware Response Team)

Posted 22 February 2011 - 02:58 PM

Good evening. :)

Just to add, PC seems to be working ok. Only difference on start up is before Windows kicks in, it temporarily flashes up screen (black background, white text) with I think "Please select operating system to start" with options "Windows Recovery Mode" and "Windows XP", but it quickly / automatically goes into XP start up.

That's the only visual sign of the Recovery Console that ComboFix installed. As long as all is well, ignore the five second delay that now exists before your PC boots. Should Windows throw a wobbler, those five seconds should allow you to select the console and perhaps avoid a nasty reformat and reinstall.

ran GMER, just to say I got a Blue Screen of Death during the scan.

It's not unknown for blue screens with GMER, although I don't know what exactly causes them.

Please let me know when I can (I presume I just re-run DeFogger?).

After the scan at the end of this post, just run Defogger and let it sort things out.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As you have HJT installed, we'll use that to tidy up.

Run HijackThis as you did to generate a log, but this time click on 'Scan'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files\SgKpSSOBtí°´Ëidyulfya.exe\idyulfya.exe,

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

O18 - Filter: text/html - {f504ad27-473d-4233-addc-d7626797c24e} - C:\DOCUME~1\GARY~1.GAR\LOCALS~1\Temp\msfat32
seems to refer to the McAfee AccessProtection.Log file entry which is thrown when the trojan becomes active on starting IE, but again I don't know if delete / fix this entry?

I'm not familiar enough with McAfee to say, so I'm inclined to leave this alone.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.
  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Finally, I'd like one last tool to be run, just to check on something that I saw in a previous log.

Download OTL by OldTimer from here and save it to your Desktop.
  • Close all open program windows and then double click the file to run it.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    ndis.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


  • Please don't change any of the settings.
  • Click the Quick Scan button and let it do its thing - it shouldn't take too long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please paste the contents of these two files into your next reply, checking that all the data makes it into your post - large files may get cut off.

So long, and thanks for all the fish.

#10 ragy

ragy
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 22 February 2011 - 03:27 PM

I ran HijackThis:

Is there a reason for not ticking these two entries?
O2 - BHO: (no name) - {2ED2390A-E6F6-F895-FE75-013E2D97184A} - (no file)
O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)

which cross-reference with the MBAM "Registry Keys Infected" report at the beginning of this process?

#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:53 PM

Posted 22 February 2011 - 04:44 PM

I didn't see them in the HJT log that you included in your first post, so I didn't include them in the list. If you can see them, fix them.

So long, and thanks for all the fish.
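As an added example (not code from this thread, from HijackThis or from OTL), the following Python triage script parses the "O2 - BHO" lines both tools print, flags entries whose registered DLL is missing (the orphaned CLSIDs asked about above), re-checks surviving paths on disk, and cross-references each CLSID against a set taken from another scanner's report. The sample log and the MBAM CLSID set are constructed from lines quoted in this thread; the OTL "File not found" wording is an assumption.

```python
"""Triage Browser Helper Object (O2) entries from a HijackThis or OTL log.

Added example, not code from the thread or from either tool. An orphaned
BHO is a CLSID still registered under Internet Explorer's Browser Helper
Objects key whose InProcServer32 DLL no longer exists; HijackThis prints
such entries as "(no name) - {CLSID} - (no file)".
"""
import os
import re
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional, Set

# HijackThis:  O2 - BHO: Name - {CLSID} - C:\path\file.dll
#              O2 - BHO: (no name) - {CLSID} - (no file)
# OTL:         O2 - BHO: (Name) - {CLSID} - C:\path\file.dll (Company)
O2_RE = re.compile(
    r"^O2 - BHO: (?:\((?P<pname>[^)]*)\)|(?P<bname>.*?)) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<rest>.*)$"
)
# Path plus an optional trailing "(Company)". The company class excludes
# parentheses so "C:\Program Files (x86)\..." stays part of the path.
PATH_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")

# Markers for a DLL the tool could not find: "(no file)" is HijackThis's
# wording; "File not found" is assumed to be OTL's.
MISSING_MARKERS = ("(no file)", "File not found")


@dataclass
class BhoEntry:
    name: str
    clsid: str               # upper-cased so comparisons are case-insensitive
    path: Optional[str]      # None when the tool reported the DLL missing
    company: Optional[str]   # None if the tool printed no company, "" for "()"
    reasons: List[str] = field(default_factory=list)


def parse_o2(line: str) -> Optional[BhoEntry]:
    """Return a BhoEntry for an O2 line, or None for any other log line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    name = m.group("pname") if m.group("pname") is not None else m.group("bname")
    rest = m.group("rest").strip()
    if rest in MISSING_MARKERS:
        path, company = None, None
    else:
        pm = PATH_RE.match(rest)
        path, company = pm.group("path"), pm.group("company")
    return BhoEntry(name, m.group("clsid").upper(), path, company)


def triage(log_lines: Iterable[str], flagged_clsids: Set[str],
           exists: Callable[[str], bool] = os.path.exists) -> List[BhoEntry]:
    """Parse every O2 line and attach a list of reasons to suspect entries.

    `exists` is injectable: the default re-checks the analysed machine's disk,
    a stub lets the log be reviewed offline (as in the test below).
    """
    flagged = {c.upper() for c in flagged_clsids}
    entries: List[BhoEntry] = []
    for line in log_lines:
        e = parse_o2(line)
        if e is None:
            continue
        if e.path is None:
            e.reasons.append("registered DLL missing (orphaned CLSID)")
        elif not exists(e.path):
            e.reasons.append("DLL not present on disk at re-check")
        if e.company == "":   # OTL printed "()" : no publisher resource in the DLL
            e.reasons.append("no publisher name recorded")
        if e.clsid in flagged:
            e.reasons.append("CLSID also listed by other scanner")
        entries.append(e)
    return entries


def suspects(entries: List[BhoEntry]) -> List[BhoEntry]:
    """Entries that collected at least one reason."""
    return [e for e in entries if e.reasons]


# Constructed sample: the two orphaned HijackThis entries and two legitimate
# OTL entries quoted in the thread, one non-O2 line, and one invented entry
# (all-zero CLSID, placeholder path) with an empty company field.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2ED2390A-E6F6-F895-FE75-013E2D97184A} - (no file)
O2 - BHO: (no name) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\constructed\example.dll ()
""".strip().splitlines()

# Constructed: the CLSIDs the poster says MBAM listed under "Registry Keys Infected".
MBAM_FLAGGED = {
    "{2ED2390A-E6F6-F895-FE75-013E2D97184A}",
    "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}",
}

if __name__ == "__main__":
    for e in suspects(triage(SAMPLE_LOG, MBAM_FLAGGED)):
        print(e.clsid, e.name, "->", "; ".join(e.reasons))
```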

#12 ragy

ragy
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 22 February 2011 - 08:38 PM

Hi, I can't seem to run the Error Check on the C:\ drive. As soon as I click Start it says "The disk check utility needs exclusive access to some Windows files on the disk. These can be accessed only by re-starting Windows", but after restarting I get the same problem. Any ideas?

#13 ragy

ragy
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 23 February 2011 - 08:17 AM

Here are the OTL logs...

OTL logfile created on: 23/02/2011 01:51:29 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 4.67 Gb Free Space | 8.37% Space Free | Partition Type: NTFS

Computer Name: GARY-62E2F3DD7D | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 01:50:45 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\OTL.exe
PRC - [2011/02/18 08:36:26 | 023,355,096 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/08/27 06:56:40 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/07/16 16:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampplite\apache\bin\httpd.exe
PRC - [2009/09/29 07:55:29 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 1.6.2\TeaTimer.exe
PRC - [2008/06/18 12:46:54 | 002,691,185 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2008/06/18 12:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2008/06/18 12:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2008/05/22 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/05/22 19:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/05/22 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 16:57:54 | 005,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2007/10/25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 09:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 09:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 09:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/06/25 21:20:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/19 14:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/10/07 13:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 15:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 22:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/03/04 01:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/23 01:50:45 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/29 07:56:25 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 13:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2006/06/29 12:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/13 16:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Seagate Sync Service)
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - File not found [Auto | Stopped] -- -- (CTDevice_Srv)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - [2011/01/06 11:52:23 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/08/27 06:56:40 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/07/01 15:19:44 | 000,061,440 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampplite\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/18 12:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2008/06/18 12:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2008/05/22 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/05/22 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/01/18 16:57:54 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL50)
SRV - [2007/10/25 09:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/10/19 14:31:52 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 07:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/12/09 13:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/15 22:55:45 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/09/25 23:38:00 | 000,069,408 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2008/06/18 12:46:58 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2008/06/18 12:46:56 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2008/06/18 12:46:54 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2008/06/18 12:46:52 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2008/05/22 19:50:00 | 000,174,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/05/22 19:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/05/22 19:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/05/22 19:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/05/22 19:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/05/22 19:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 18:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bthprint.sys -- (BTHprint)
DRV - [2008/04/13 17:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/09 20:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/03 17:45:23 | 000,055,168 | ---- | M] (Macrovision Europe Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2006/01/20 16:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 16:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/22 08:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/02 12:24:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 11:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/15 17:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 17:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 16:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/04/06 08:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/01/06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/03/04 01:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/03/04 01:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/03/04 01:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/03/04 01:50:00 | 000,014,348 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 21:40:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/22 22:09:39 | 000,000,000 | ---D | M]

[2010/12/10 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Extensions
[2010/12/10 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/02/22 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions
[2010/05/21 11:49:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/28 19:13:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/07/02 06:21:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/06 17:34:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\firebug@software.joehewitt.com
[2010/08/28 19:13:29 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\rankchecker@seobook.com
[2010/08/28 11:51:44 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\seo4firefox@seobook.com
[2010/08/28 19:13:30 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla\Firefox\Profiles\2apk8zzc.default\extensions\seotoolbar@seobook.com
[2011/02/22 22:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 17:40:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2011/02/22 22:09:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/22 22:09:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/13 11:07:55 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/11/13 11:07:55 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/11/13 11:07:55 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/11/13 11:07:55 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/22 15:47:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.6.2\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ckpginashim.dll) - C:\WINDOWS\System32\ckpginashim.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\EFS: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Reg Error: Value error.
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Reg Error: Value error.
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Reg Error: Value error.
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Reg Error: Value error.
SafeBootNet: MCODS -
SafeBootNet: MpfService - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 01:50:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\OTL.exe
[2011/02/23 01:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Auslogics
[2011/02/23 01:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Auslogics
[2011/02/23 01:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/02/22 22:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/02/22 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/22 20:29:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/21 18:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/19 00:49:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/19 00:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/19 00:44:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/19 00:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/19 00:44:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/19 00:44:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/19 00:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/18 17:28:49 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/18 13:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bDhFaPi17600
[2011/02/12 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/31 14:29:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\My Documents\Dropbox
[2011/01/31 14:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Start Menu\Programs\Dropbox
[2011/01/31 14:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox
[2011/01/28 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/01/28 11:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\ICOFormat-1.6f9-win
[2011/01/27 10:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\gsitemap-04-java

========== Files - Modified Within 30 Days ==========

[2011/02/23 01:50:45 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\OTL.exe
[2011/02/23 01:32:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 01:31:02 | 000,000,330 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/02/23 01:29:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/23 01:29:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 01:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/22 20:43:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2011/02/22 15:47:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/22 11:48:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\defogger_reenable
[2011/02/21 18:22:32 | 000,001,764 | -H-- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\My Documents\Default.rdp
[2011/02/21 18:07:31 | 000,017,136 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat.html
[2011/02/21 17:03:50 | 000,019,835 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Irene_Mermegides.jpg
[2011/02/19 00:49:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/18 14:44:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/18 10:39:45 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Start Menu\Programs\Startup\Dropbox.lnk
[2011/02/18 10:39:45 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Dropbox.lnk
[2011/02/16 13:23:38 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/02/15 16:51:22 | 001,733,632 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Dad and Eva's Excellent Brazil Adventure.doc
[2011/02/14 14:17:48 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Application Data\PUTTY.RND
[2011/02/12 12:27:53 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/02/11 19:38:23 | 002,764,600 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\October%202010%20complete%20Low%20Res.pdf
[2011/02/11 19:14:36 | 000,003,633 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\formValidator.js
[2011/02/10 18:10:08 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 10:18:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 19:01:36 | 000,009,997 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl_new.html
[2011/02/09 18:44:47 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl.html
[2011/02/09 18:38:17 | 000,009,151 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl_orig.html
[2011/02/09 18:32:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat_new.html
[2011/02/09 14:57:23 | 000,014,256 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat_orig.html
[2011/02/09 11:10:29 | 000,120,526 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Sahra%20and%20Gary%20Feb.docx
[2011/02/08 11:07:24 | 000,017,553 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\googlenews.xml
[2011/02/07 17:09:47 | 000,014,492 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\DFDS-email-attachement.gif
[2011/02/07 17:08:42 | 000,014,492 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\dfds-url-image.gif
[2011/01/30 14:53:32 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2011/01/28 11:43:23 | 000,025,715 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\ICOFormat-1.6f9-win.zip
[2011/01/25 13:35:56 | 000,150,382 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahra-gibbon.jpg
[2011/01/24 14:13:54 | 000,011,350 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\consortia1.jpg
[2011/01/24 11:23:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Application Data\housecall.guid.cache
[2011/01/24 11:13:45 | 004,407,907 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahra-gibbon.psd
[2011/01/24 10:23:54 | 000,085,096 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahrapic.jpg

========== Files Created - No Company Name ==========

[2011/02/22 20:43:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader X.lnk
[2011/02/22 20:42:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/22 11:48:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\defogger_reenable
[2011/02/21 17:33:32 | 000,019,835 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Irene_Mermegides.jpg
[2011/02/19 00:49:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/19 00:49:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/19 00:44:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/19 00:44:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/19 00:44:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/19 00:44:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/19 00:44:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/15 16:51:21 | 001,733,632 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Dad and Eva's Excellent Brazil Adventure.doc
[2011/02/11 19:38:04 | 002,764,600 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\October%202010%20complete%20Low%20Res.pdf
[2011/02/11 19:14:36 | 000,003,633 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\formValidator.js
[2011/02/09 18:48:49 | 000,009,997 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl_new.html
[2011/02/09 18:43:44 | 000,017,136 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat.html
[2011/02/09 18:38:17 | 000,009,151 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl_orig.html
[2011/02/09 18:35:03 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\email_template_ftl.html
[2011/02/09 18:32:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat_new.html
[2011/02/09 14:57:22 | 000,014,256 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Email_template_bat_orig.html
[2011/02/09 11:10:28 | 000,120,526 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Sahra%20and%20Gary%20Feb.docx
[2011/02/08 11:07:24 | 000,017,553 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\googlenews.xml
[2011/02/07 17:09:47 | 000,014,492 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\DFDS-email-attachement.gif
[2011/02/07 17:09:00 | 000,014,492 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\dfds-url-image.gif
[2011/01/31 14:29:34 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\Dropbox.lnk
[2011/01/31 14:18:24 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Start Menu\Programs\Startup\Dropbox.lnk
[2011/01/30 14:53:32 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2011/01/28 11:43:22 | 000,025,715 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\ICOFormat-1.6f9-win.zip
[2011/01/24 14:13:54 | 000,011,350 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\consortia1.jpg
[2011/01/24 11:23:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Application Data\housecall.guid.cache
[2011/01/24 11:13:45 | 004,407,907 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahra-gibbon.psd
[2011/01/24 11:13:29 | 000,150,382 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahra-gibbon.jpg
[2011/01/24 10:23:52 | 000,085,096 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop\sahrapic.jpg
[2010/08/27 18:46:42 | 000,087,415 | ---- | C] () -- C:\WINDOWS\php-for-xampp.ini
[2010/08/23 22:31:07 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2010/07/28 12:43:15 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\bdfvconp.ini
[2010/05/24 21:14:22 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/24 16:35:50 | 000,000,206 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2010/05/24 15:21:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/02/11 14:43:34 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/02 13:31:14 | 000,087,415 | ---- | C] () -- C:\WINDOWS\php-working.ini
[2010/02/02 11:11:33 | 000,087,415 | ---- | C] () -- C:\WINDOWS\php-for-joomla-20100202.ini
[2010/02/01 11:03:46 | 000,050,552 | ---- | C] () -- C:\WINDOWS\php-for-zend-20100201.ini
[2009/11/28 14:18:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/11/28 13:53:34 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/11/13 17:03:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Application Data\PUTTY.RND
[2009/09/24 17:47:52 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/17 07:50:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\tabinst.dll
[2009/05/17 07:50:40 | 000,004,032 | ---- | C] () -- C:\WINDOWS\tabins16.dll
[2009/04/18 15:22:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2008/12/24 10:56:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/11/22 21:42:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/10/17 15:16:38 | 000,050,349 | ---- | C] () -- C:\WINDOWS\php.ini.ZendOptimizer-3.2.6_bak
[2008/06/18 12:47:02 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/06/18 12:46:50 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2008/01/30 22:34:15 | 000,050,643 | ---- | C] () -- C:\WINDOWS\php-for-wordpress-20100201.ini
[2008/01/28 21:51:12 | 001,623,202 | ---- | C] () -- C:\Program Files\sf_sandbox.gz
[2007/07/29 14:38:50 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/07/07 21:26:37 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/05 08:11:59 | 000,000,308 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/06/30 12:16:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/10 15:37:58 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QSLLPSVCShare
[2007/06/10 15:31:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/10 15:23:57 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/06/10 15:23:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2005/09/01 20:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/02/21 12:35:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/07/20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/18 14:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bDhFaPi17600
[2010/08/23 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
[2009/09/25 16:21:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2009/04/08 18:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2009/04/15 18:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/08/11 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Scientific Software
[2009/10/06 18:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2011/01/22 12:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/05/22 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/28 08:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/02 08:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\AMPSoft
[2011/02/23 01:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Auslogics
[2010/08/23 22:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\BitDefender
[2010/05/24 12:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware
[2007/09/13 21:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Ceedo
[2011/02/23 01:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox
[2009/11/28 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Eltima Software
[2008/12/24 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\eXPert PDF Editor
[2011/02/21 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\FileZilla
[2009/09/18 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\GetRightToGo
[2010/11/18 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks
[2009/10/06 18:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Leadertech
[2009/11/28 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Moyea
[2011/02/10 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\MySQL
[2009/05/19 22:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\NoteTab Light
[2010/04/22 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Scientific Software
[2010/08/26 01:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Subversion
[2010/08/24 17:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\TeamViewer
[2007/06/18 18:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\TextPad
[2010/05/24 15:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\WinBatch
[2010/05/24 12:53:44 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2011/02/22 21:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/04/22 11:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2007/06/20 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2009/04/15 18:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2011/02/18 14:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bDhFaPi17600
[2010/08/23 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
[2009/09/25 16:21:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2007/08/01 07:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
[2009/03/08 11:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2009/04/08 18:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2010/09/14 12:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/09/15 01:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2007/06/25 21:00:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2010/07/22 23:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
[2009/04/15 18:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2010/08/18 16:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2009/09/29 08:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
[2009/08/11 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Scientific Software
[2009/10/06 18:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2008/10/20 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
[2010/12/12 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
[2009/11/19 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/02/22 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/01/22 12:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/12/07 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2010/05/22 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/28 08:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2011/01/30 20:44:03 | 000,337,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
[2010/05/22 15:00:15 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
[2011/01/21 12:36:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2011/02/22 20:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Adobe
[2009/07/02 08:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\AMPSoft
[2010/05/13 00:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Apple Computer
[2011/02/23 01:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Auslogics
[2009/04/15 18:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\AVS4YOU
[2010/08/23 22:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\BitDefender
[2010/05/24 12:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware
[2007/09/13 21:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Ceedo
[2007/07/31 22:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Creative
[2011/02/23 01:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox
[2009/11/28 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Eltima Software
[2008/12/24 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\eXPert PDF Editor
[2011/02/21 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\FileZilla
[2009/09/18 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\GetRightToGo
[2010/12/10 12:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Google
[2008/02/17 18:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Help
[2007/06/10 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Identities
[2010/11/18 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks
[2009/10/06 18:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Leadertech
[2009/04/18 15:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Macromedia
[2010/09/14 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Malwarebytes
[2011/02/22 20:43:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Microsoft
[2008/12/07 12:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Motive
[2009/11/28 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Moyea
[2008/12/24 11:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Mozilla
[2011/02/10 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\MySQL
[2009/05/19 22:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\NoteTab Light
[2010/08/18 16:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Office Genuine Advantage
[2009/09/29 07:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Real
[2010/04/22 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Scientific Software
[2011/02/16 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Skype
[2011/02/16 13:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\skypePM
[2007/06/12 20:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\SmartFTP
[2010/08/26 01:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Subversion
[2009/07/03 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Sun
[2010/08/24 17:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\TeamViewer
[2007/06/18 18:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\TextPad
[2010/09/01 19:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\TortoiseSVN
[2009/08/31 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\U3
[2010/02/09 11:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Vidalia
[2010/05/24 15:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\WinBatch

< %APPDATA%\*.exe /s >
[2010/05/24 13:59:31 | 003,016,336 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\2012541bae27a71568b0d102981b2b7a\7jgc08ww.exe
[2010/05/24 16:35:00 | 013,943,152 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\5b4e8af38e601d3c466cacc179f5fe84\driver_cardreader_o2_TC00192500D.exe
[2010/05/24 16:30:42 | 003,187,424 | ---- | M] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\675ef0281f752d11965e19f7e4d9615e\sp40969.exe
[2006/04/20 12:53:40 | 000,253,952 | ---- | M] (O2Micro International L) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\6faddaa14cddb5ac0e91e7fcbd0b98d9\Cardbus_O2_5.1.2600.0_XPx86\Cardbus_O2_5.1.2600.0_XPx86\setup.exe
[1999/01/11 23:00:00 | 000,073,728 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\SETUP.EXE
[1998/10/26 23:00:00 | 000,027,648 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\_ISDEL.EXE
[2003/09/25 08:59:00 | 000,459,888 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_AR.EXE
[2003/09/25 08:59:00 | 000,460,400 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_BR.EXE
[2003/09/25 08:59:00 | 000,458,352 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_CN.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_CS.EXE
[2003/09/25 08:59:00 | 000,459,888 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_DA.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_DE.EXE
[2003/09/25 08:59:00 | 000,462,448 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_EL.EXE
[2003/09/25 08:59:00 | 000,457,840 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_EN.EXE
[2003/09/25 08:59:00 | 000,460,400 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_ES.EXE
[2003/09/25 08:59:00 | 000,460,400 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_FI.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_FR.EXE
[2003/09/25 08:59:00 | 000,459,376 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_HE.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_HU.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_IT.EXE
[2003/09/25 08:59:00 | 000,459,376 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_JA.EXE
[2003/09/25 08:59:00 | 000,457,840 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_KO.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_NL.EXE
[2003/09/25 08:59:00 | 000,459,376 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_NO.EXE
[2003/09/25 08:59:00 | 000,461,424 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_PL.EXE
[2003/09/25 08:59:00 | 000,460,912 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_PT.EXE
[2003/09/25 08:59:00 | 000,460,400 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_RU.EXE
[2003/09/25 08:59:00 | 000,460,400 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_SV.EXE
[2003/09/25 08:59:00 | 000,459,888 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_TR.EXE
[2003/09/25 08:59:00 | 000,457,840 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\QFE\Q810090_W2K_SP4_X86_TW.EXE
[2003/05/30 09:42:00 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\76ceb1f5913263540be42d71ed46f7e6\via_usb2_v258\USB2\WIN98&ME\VIACB.EXE
[2010/05/24 16:28:43 | 023,993,760 | ---- | M] (IBM Corporation ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\7ff3c171c8c633e4affd84881589d277\gfiz11us.exe
[2010/05/24 16:14:36 | 010,830,968 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\814cc9a56537738194b9e64d937bf7c8\sp24809.exe
[2010/05/24 14:04:09 | 000,469,235 | ---- | M] (Hewlett Packard ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\84021c284b39003970732cd428056f10\sp27449.exe
[2010/05/24 14:12:01 | 002,638,675 | ---- | M] (IBM Corporation ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\9076a43a7252a5aeec3c83c2044ad2a6\qi3z05us.exe
[2009/08/18 14:40:50 | 000,952,856 | ---- | M] (Intel Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\99d301d71c4affb96990940928ce17eb\Chipset\01_Chipset\Setup.exe
[2009/08/18 14:40:54 | 000,195,096 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\99d301d71c4affb96990940928ce17eb\Chipset\01_Chipset\ia64\Difx64.exe
[2009/08/18 14:40:56 | 000,106,008 | ---- | M] (Intel Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\99d301d71c4affb96990940928ce17eb\Chipset\01_Chipset\x64\Difx64.exe
[2010/05/24 13:53:59 | 002,824,728 | ---- | M] (Intel Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\a8eb6d8660ff14ee87b66b195a17b361\INF_allOS_9[1].1.0.1012_PV.exe
[2010/05/24 16:40:03 | 011,060,216 | ---- | M] (Compaq Computer Corporation ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\cdcf419b3ab8e2f934ceddbd5efef08c\sp21424.exe
[2010/05/24 15:02:43 | 079,034,232 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\d649fa2c4cceb5a87018e07004b4edbb\driver_blutetooth_TC00201800H.exe
[2009/07/01 18:48:30 | 001,068,544 | ---- | M] (Asustek) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\AsusSetup.exe
[2009/07/01 18:48:30 | 001,068,544 | ---- | M] (Asustek) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\AsusSetup.exe
[2009/07/03 00:52:08 | 000,412,176 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Setup.exe
[2009/07/01 18:48:30 | 001,068,544 | ---- | M] (Asustek) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin\AsusSetup.exe
[2009/07/03 00:52:10 | 000,297,488 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin\ATISetup.exe
[2008/06/11 08:27:14 | 001,105,920 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin\DownloadManager.exe
[2009/07/02 23:30:36 | 004,468,736 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin\InstallManagerApp.exe
[2009/07/03 00:52:12 | 000,412,176 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin\Setup.exe
[2009/07/01 18:48:30 | 001,068,544 | ---- | M] (Asustek) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin64\AsusSetup.exe
[2009/07/03 00:52:12 | 000,372,240 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin64\ATISetup.exe
[2008/06/11 08:27:18 | 001,633,280 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin64\DownloadManager.exe
[2009/07/02 23:33:28 | 005,204,480 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin64\InstallManagerApp.exe
[2009/07/03 00:52:24 | 000,577,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\vista\Bin64\Setup.exe
[2009/07/01 18:48:30 | 001,068,544 | ---- | M] (Asustek) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\AsusSetup.exe
[2009/07/02 23:12:00 | 000,139,264 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\AtiCimUn.exe
[2009/07/02 23:12:00 | 000,073,728 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\CheckVer.exe
[2009/07/02 23:12:00 | 000,051,712 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\DrvUI64A.exe
[2009/07/02 23:12:00 | 000,127,488 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\issetup.exe
[2009/07/02 23:12:00 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\setup.exe
[2006/07/13 01:34:18 | 000,229,376 | ---- | M] (ATI Technologies Inc. ) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\ATIPCE\setup.exe
[2009/07/02 23:59:46 | 000,308,224 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\BIN\atiicdxx.exe
[2009/07/03 00:00:32 | 000,123,392 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\BIN\EnumDev.exe
[2009/07/03 00:00:38 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\BIN\UpdatPnP.exe
[2003/11/11 06:55:38 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\CCC\setup.exe
[2009/07/02 23:12:00 | 000,139,264 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\Driver\Setup.exe
[2005/12/24 04:21:20 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\NET32\dotnetfx.exe
[2007/09/14 02:39:58 | 000,131,072 | ---- | M] (ATI Technologies) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\NET32\setupnet.exe
[2006/06/15 22:42:08 | 002,585,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\NET32\WindowsInstaller-KB893803-v2-x86.exe
[2006/01/11 23:52:10 | 047,400,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\NET64A\NetFx64.exe
[2007/09/14 02:39:58 | 000,131,072 | ---- | M] (ATI Technologies) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\NET64A\setupnet.exe
[2003/11/11 07:55:38 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Blitware\DriverRobot\downloads\e380af0ddb78a5a6de9fdd4c3abc79f1\AMD_VGA_V863200_XPVistaWin7\VGA\XP\SBDrv\setup.exe
[2011/02/18 08:36:26 | 023,355,096 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe
[2011/02/18 08:36:54 | 000,155,424 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Uninstall.exe
[2008/08/28 23:53:58 | 000,238,976 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Cache Cleaner 6.2.0\dsCacheCleaner.exe
[2008/08/28 23:54:00 | 000,043,976 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Cache Cleaner 6.2.0\uninstall.exe
[2009/12/09 13:31:14 | 000,304,424 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsCacheCleaner.exe
[2009/12/09 13:31:16 | 000,045,096 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Cache Cleaner 6.5.0\uninstall.exe
[2010/10/28 03:21:50 | 000,247,928 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\64bitProxy.exe
[2010/08/27 00:19:36 | 000,029,552 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\dsCCProc.exe
[2010/08/27 07:19:24 | 000,320,880 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
[2010/08/27 07:19:26 | 000,247,152 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2010/08/27 07:19:26 | 000,169,328 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\InstallHelper.exe
[2010/08/27 07:19:38 | 000,056,128 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Host Checker\uninstall.exe
[2009/11/13 01:59:04 | 000,220,040 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Secure Meeting 6.5.0\AccessServiceComponent.x86.exe
[2009/12/09 13:30:14 | 000,087,336 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Secure Meeting 6.5.0\dsCboxBroker.exe
[2009/12/09 13:30:12 | 000,701,736 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Secure Meeting 6.5.0\dsCboxUI.exe
[2009/12/09 13:30:16 | 000,183,608 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Secure Meeting 6.5.0\uninstall.exe
[2010/08/20 00:33:06 | 000,148,848 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\dsmmf.exe
[2010/08/20 00:33:16 | 000,263,360 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2010/08/20 00:33:04 | 000,529,776 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010/08/20 00:32:22 | 000,333,640 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010/08/20 00:21:54 | 000,223,320 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010/08/20 00:33:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup Client\uninstall.exe
[2010/08/20 00:21:44 | 000,067,008 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup\dsmmf.exe
[2010/08/20 00:21:42 | 000,042,440 | R--- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup\JuniperSetupApp.exe
[2010/08/20 00:21:46 | 000,120,176 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup\JuniperSetupClient.exe
[2010/11/18 19:45:32 | 000,037,464 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Juniper Networks\Setup\uninstall.exe
[2009/05/23 09:27:36 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
[2006/12/14 09:00:02 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\U3\temp\cleanup.exe
[2007/02/12 16:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/02 16:19:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/02 16:19:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/02 16:19:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/02 16:19:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 10:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 16:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NDIS.SYS >
[2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 05:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/04 10:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/17 00:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2011/02/16 12:20:29 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/06/10 15:28:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/10 15:28:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/10 15:28:42 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:408F95E5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

< End of report >
OTL Extras logfile created on: 23/02/2011 01:51:29 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 4.67 Gb Free Space | 8.37% Space Free | Partition Type: NTFS

Computer Name: GARY-62E2F3DD7D | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
"1046:TCP" = 1046:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Virtual PC\Virtual PC.exe" = C:\Program Files\Microsoft Virtual PC\Virtual PC.exe:*:Enabled:Virtual PC 2007 SP1 -- (Microsoft Corporation)
"C:\xampplite\apache\bin\httpd.exe" = C:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"C:\Program Files\JetBrains\IntelliJ IDEA 7.0.5\bin\idea.exe" = C:\Program Files\JetBrains\IntelliJ IDEA 7.0.5\bin\idea.exe:*:Enabled:idea -- (JetBrains s.r.o)
"C:\Program Files\Java\jdk1.5.0_22\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_22\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Gary.GARY-62E2F3DD7D\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1C53ADFA-15EE-4807-B0D6-5EC63ADC0D90}" = ATLAS.ti
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{37E6733E-B051-4ED6-B13C-6560F091CF84}" = Free eXPert PDF Reader
"{401C93E0-C5CA-421B-9081-B35908932829}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}" = Zend Optimizer
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.76
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{608FFCC7-7237-47BB-ABD5-8341754A3BBA}" = MySQL Server 5.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.14
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.15.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AD295405-ACB6-4E90-AF77-9412B3DF583F}" = O2Micro OZ776 SCR Driver
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9362DB5-C5E3-4AF2-9E74-D77339C81570}" = CardBus Installation Package V1.002
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6893BD0-F742-4259-9119-278250E52A42}" = Google AdWords Editor
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Akamai" = Akamai NetSession Interface
"AMP Font Viewer" = AMP Font Viewer
"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cool Ruler" = Cool Ruler
"ESET Online Scanner" = ESET Online Scanner v3
"FlashFXP" = FlashFXP
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{AD295405-ACB6-4E90-AF77-9412B3DF583F}" = O2Micro OZ776 SCR Driver
"InstallShield_{B9362DB5-C5E3-4AF2-9E74-D77339C81570}" = CardBus Installation Package V1.002
"IntelliJ IDEA 7.0.5" = IntelliJ IDEA 7.0.5
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MultipleIEs_is1" = MultipleIEs
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"OmniMark C/VM 5.5" = OmniMark C/VM 5.5
"PDF Split & Merge_is1" = PDF Split & Merge 1.02
"Prism" = Prism Video Converter
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Snosh_is1" = Snosh V2.1
"SQLTools 1.5" = SQLTools 1.5 (remove only)
"Tablet Driver" = Tablet
"TextPad 4" = TextPad 4
"ToolBox" = NCH Toolbox
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"FileZilla Client" = FileZilla Client 3.3.5.1
"Identity Cloaker" = Identity Cloaker
"Juniper Secure Meeting 6.5.0" = Juniper Networks Secure Meeting 6.5.0
"Juniper_Networks_Cache_Cleaner 6.2.0" = Juniper Networks Cache Cleaner 6.2.0
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/02/2011 07:44:48 | Computer Name = GARY-62E2F3DD7D | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\drivers\rasacd.sys contains Patched-SYSFile.d
Trojan. Detected with Scan Engine 5400.1158 DAT version 6258.0000.

Error - 16/02/2011 07:44:50 | Computer Name = GARY-62E2F3DD7D | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5400.1158 DAT version
6258.

Error - 16/02/2011 08:06:44 | Computer Name = GARY-62E2F3DD7D | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 9.0.597.98, fault address 0x000e7c26.

Error - 16/02/2011 08:41:12 | Computer Name = GARY-62E2F3DD7D | Source = McLogEvent | ID = 259
Description = The file C:\Program Files\Shared\shared.dll contains the BackDoor-EDY.b
Trojan. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 6258.0000.

Error - 17/02/2011 14:28:15 | Computer Name = GARY-62E2F3DD7D | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05534680.

Error - 19/02/2011 11:58:05 | Computer Name = GARY-62E2F3DD7D | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/02/2011 11:58:05 | Computer Name = GARY-62E2F3DD7D | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/02/2011 11:58:05 | Computer Name = GARY-62E2F3DD7D | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/02/2011 11:58:05 | Computer Name = GARY-62E2F3DD7D | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 22/02/2011 21:13:58 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7034
Description = The MySQL50 service terminated unexpectedly. It has done this 1 time(s).

Error - 22/02/2011 21:13:58 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Manager service terminated unexpectedly. It has done
this 1 time(s).

Error - 22/02/2011 21:18:32 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 22/02/2011 21:18:32 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The CT Device Query service service failed to start due to the following
error: %%2

Error - 22/02/2011 21:18:32 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%3

Error - 22/02/2011 21:20:29 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 22/02/2011 21:20:29 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 22/02/2011 21:31:16 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 22/02/2011 21:31:16 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The CT Device Query service service failed to start due to the following
error: %%2

Error - 22/02/2011 21:31:16 | Computer Name = GARY-62E2F3DD7D | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%3


< End of report >
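
The "< MD5 for: NAME >" blocks in the OTL log above are what a responder reads when an AV event such as the McAfee "Patched-SYSFile" report on rasacd.sys comes up: OTL hashes every copy of a system file it can find (the live copy under system32, the ServicePackFiles\i386 source, and the ERDNT, $NtServicePackUninstall$ and ReinstallBackups copies), and a live copy whose hash matches no known-good copy is the candidate for further analysis. The script below is an added example, not part of this thread or of OTL: it parses lines in OTL's format and reports, per file, whether the live copy matches the reference copies. The embedded log text is constructed for the example (the atapi.sys lines copy the layout of the entries above; EXAMPLE.DLL and LOCKED.DLL are invented names with placeholder hashes so that a mismatch and a locked file show up).

```python
"""Audit the '< MD5 for: NAME >' sections of an OTL log (added example code).

A live copy under system32 whose MD5 matches neither the service-pack
source nor any backup copy is flagged as 'mismatch'.  A mismatch is not
proof of tampering: a post-service-pack hotfix also changes the hash,
so the file's Authenticode/catalog signature is the next check.
"""
import re
from collections import defaultdict

# Constructed sample in OTL's layout.  ATAPI.SYS copies entries as OTL
# prints them; EXAMPLE.DLL and LOCKED.DLL are invented, with placeholder
# hashes, to exercise the 'mismatch' and 'unreadable' paths.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

< MD5 for: EXAMPLE.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2011/02/16 12:20:29 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\example.dll

< MD5 for: LOCKED.DLL >
[2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\locked.dll
[2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000003 -- C:\WINDOWS\ServicePackFiles\i386\locked.dll

< End of report >
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
OTHER_HEADER_RE = re.compile(r"^<.*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+)$"
)


def location_kind(path):
    """Classify where a copy lives.  Backups are tested before 'live'
    because ReinstallBackups sits underneath system32."""
    p = path.lower()
    if "\\servicepackfiles\\i386\\" in p:
        return "sp_source"
    backup_tags = ("\\erdnt\\", "$ntservicepackuninstall$", "\\reinstallbackups\\")
    if any(tag in p for tag in backup_tags) or p.startswith("c:\\i386\\"):
        return "backup"
    if "\\system32\\" in p:
        return "live"
    return "other"


def parse_md5_sections(text):
    """Return {FILE.NAME: [entry, ...]} for every '< MD5 for: >' section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if OTHER_HEADER_RE.match(line):
            current = None  # some other OTL section, not an MD5 listing
            continue
        if current is None:
            continue
        e = ENTRY_RE.match(line)
        if not e:
            raise ValueError("unrecognised OTL line: " + line)
        sections[current].append({
            "path": e.group("path"),
            "md5": (e.group("md5") or "").upper() or None,
            "size": int(e.group("size").replace(",", "")),
            "mtime": e.group("mtime"),
            "company": e.group("company"),
            "kind": location_kind(e.group("path")),
        })
    return dict(sections)


def audit(text):
    """Return {FILE.NAME: status}; status is 'ok', 'mismatch', 'unreadable',
    'no-reference' or 'no-live-copy'.  The service-pack source is the
    preferred reference; backups are used only when it is absent."""
    result = {}
    for name, entries in parse_md5_sections(text).items():
        live = [e for e in entries if e["kind"] == "live"]
        sp = {e["md5"] for e in entries if e["kind"] == "sp_source" and e["md5"]}
        bk = {e["md5"] for e in entries if e["kind"] == "backup" and e["md5"]}
        reference = sp or bk
        if not live:
            result[name] = "no-live-copy"
        elif any(e["md5"] is None for e in live):
            result[name] = "unreadable"  # locked file: OTL could not hash it
        elif not reference:
            result[name] = "no-reference"
        elif all(e["md5"] in reference for e in live):
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    return result


if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_LOG).items()):
        print(f"{name:<14} {status}")
```

Run it against a saved OTL.txt by reading the file into `audit()`; every name that comes back as "mismatch" or "unreadable" is the one to pull for signature verification, while an "ok" result only says the live copy equals a copy Windows itself wrote.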

#14 Noviciate

  • Malware Response Team

Posted 23 February 2011 - 04:09 PM

Good evening. :)

Hi, I can't seem to run the Error Check on the C:\ drive. As soon as I click start it says "The disk check utility needs exclusive access to some Windows files on the disk. These can be accessed only by re-starting Windows", but after restart I get the same problem. Any ideas?

Probably one of the programs on your system blocking access - it could be McAfee or Seagate Manager or another. Unless you have the will to start disabling/uninstalling, I'd skip this part as it's not really a necessity unless your drive is erroring up.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There's an oddly named folder that I'd like some further information on, but apart from that and some updates, you're done.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :dir
    C:\Documents and Settings\All Users.WINDOWS\Application Data\bDhFaPi17600 /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

So long, and thanks for all the fish.

#15 ragy

  • Topic Starter
  • Members

Posted 23 February 2011 - 04:46 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 21:43 on 23/02/2011 by Gary
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users.WINDOWS\Application Data\bDhFaPi17600 - Parameters: "/s"

---Files---
bDhFaPi17600 --a---- 98 bytes [13:09 18/02/2011] [14:10 18/02/2011]

No folders found.

-= EOF =-


Did you post the Adobe / Java update instructions again on purpose? I updated these yesterday; am I meant to run them again?