IE Google Redirecting + MBR Rootkit Detected


  • This topic is locked
17 replies to this topic

#1 MaccaUK


Posted 22 May 2011 - 05:58 AM

Hi there,

Great site! I've been a lurker/reader of posts for a while and always found everything here very helpful.

I've joined up and now become a member of your community :thumbup2:

Having a few problems with Internet Explorer redirecting when using Google to unwanted sites.

Also when I run IE from desktop by double clicking it can take several attempts before it actually opens,
I get this message a lot "Internet Explorer Has Stopped Working"

Pretty sure I've somehow ended up with the MBR Rootkit on my PC.

I've run gmer.exe and got these two lines..

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior <-- ROOTKIT !!!


If anyone can help I would be very grateful.
How do!


#2 fireman4it


Posted 22 May 2011 - 09:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 MaccaUK


Posted 22 May 2011 - 07:12 PM

Many thanks for replying, much appreciated.

I'm still having the same problems as previously stated unfortunately.

I've included the text from the DDS log below, plus I've attached the Attach.txt and the GMER.log

Thanks in advance for any help with my PC problems.

MaccaUK



.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by StephenLouise at 23:30:53 on 2011-05-22
Microsoft« Windows VistaÖ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1071 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\StephenLouise\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = Preserve
uStart Page = hxxp://www.digitalspy.co.uk/
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo RX585 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticle.exe /fu "c:\users\stephe~1\appdata\local\temp\E_S36F9.tmp" /EF "HKCU"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.habbo.co.uk/shockwave_client"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [TVEService] "c:\program files\homecinema\tv enhance\TVEService.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [ALDI Photo Service] "c:\program files\aldi photo service\aldi_photo_service\FotoSuite.exe" /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\stephe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-2-8 21504]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\homecinema\tv enhance\kernel\tv\TVECapSvc.exe [2008-2-7 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\homecinema\tv enhance\kernel\tv\TVESched.exe [2008-2-7 114779]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-2-7 1302368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-11-8 5632]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-10-8 554496]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-10-8 13976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-13 30192]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-2-23 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-2-23 3768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown Normandy;Normandy; [x]
.
=============== Created Last 30 ================
.
2011-05-22 13:44:30 -------- d-----w- c:\users\stephenlouise\appdata\local\{3CF01CED-6E29-4010-A126-ADCCB6A8E377}
2011-05-22 02:00:41 -------- d--h--w- C:\$AVG
2011-05-22 00:52:25 -------- d-----w- c:\users\stephenlouise\appdata\roaming\AVG10
2011-05-22 00:51:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-22 00:51:01 -------- d-----w- c:\programdata\AVG10
2011-05-22 00:23:52 -------- d--h--w- c:\programdata\Common Files
2011-05-22 00:23:06 -------- d-----w- c:\programdata\MFAData
2011-05-21 14:31:26 -------- d-----w- c:\users\stephenlouise\appdata\local\{9170A321-D9A0-4AC4-9087-3FBE20FDDC00}
2011-05-21 14:30:28 -------- d-----w- c:\users\stephenlouise\appdata\local\{BBFD3B51-86DE-41C0-BF5B-6FE32E5CBA85}
2011-05-17 23:40:48 -------- d-----w- c:\users\stephenlouise\appdata\local\{E317EA47-9B1E-45B6-AB42-0CE0CA3F9A73}
2011-05-16 15:03:05 -------- d-----w- c:\users\stephenlouise\appdata\local\{C2CDBC52-70B9-451E-BC0E-8A3996D27EFF}
2011-05-15 22:05:54 -------- d-----w- c:\users\stephenlouise\appdata\local\{7BE27D35-2131-4556-BBB8-B1900EF6632F}
2011-05-14 22:05:52 -------- d-----w- c:\users\stephenlouise\appdata\local\{90754768-6612-4C88-8E43-3679AD0DF23E}
2011-05-14 12:42:50 -------- d-----w- c:\users\stephenlouise\appdata\local\{22299146-9E59-4341-947B-1FA46FA283E0}
2011-05-14 11:00:18 -------- d-----w- c:\users\stephenlouise\appdata\local\{FC3A1553-3168-41D4-95EF-3E29C230EA22}
2011-05-13 12:50:53 -------- d-----w- c:\users\stephenlouise\appdata\local\{4DBC773A-3266-4F23-8A34-8157FA023039}
2011-05-12 21:49:46 -------- d-----w- c:\users\stephenlouise\appdata\local\{DABFEA44-4A36-4DB6-A9C2-8420188463DA}
2011-05-11 12:41:05 -------- d-----w- c:\program files\PC Tools Security
2011-05-10 22:22:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-03 23:06:12 -------- d-----w- c:\windows\en
2011-05-03 23:05:55 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-03 23:02:17 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-03 23:02:17 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-03 23:02:17 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-03 23:01:27 469256 ----a-w- c:\program files\common files\windows live\.cache\79cc8b01cc09e62b\InstallManager_WLE_WLE.exe
2011-05-03 23:01:10 15712 ----a-w- c:\program files\common files\windows live\.cache\fde76eb01cc09e51f\MeshBetaRemover.exe
2011-05-03 23:00:53 94040 ----a-w- c:\program files\common files\windows live\.cache\f3f46f701cc09e518\DSETUP.dll
2011-05-03 23:00:53 525656 ----a-w- c:\program files\common files\windows live\.cache\f3f46f701cc09e518\DXSETUP.exe
2011-05-03 23:00:53 1691480 ----a-w- c:\program files\common files\windows live\.cache\f3f46f701cc09e518\dsetup32.dll
2011-05-03 23:00:52 94040 ----a-w- c:\program files\common files\windows live\.cache\f25936001cc09e517\DSETUP.dll
2011-05-03 23:00:52 525656 ----a-w- c:\program files\common files\windows live\.cache\f25936001cc09e517\DXSETUP.exe
2011-05-03 23:00:52 1691480 ----a-w- c:\program files\common files\windows live\.cache\f25936001cc09e517\dsetup32.dll
2011-05-03 23:00:05 -------- d-----w- c:\users\stephenlouise\appdata\local\Windows Live
2011-05-03 22:56:52 -------- d-----w- c:\program files\Radio Downloader
2011-05-01 09:31:49 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-01 09:08:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-01 09:03:56 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-01 08:37:21 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-01 08:36:29 -------- d-----w- c:\programdata\Hitman Pro
2011-04-30 23:25:38 -------- d-----w- c:\programdata\PC Tools
2011-04-29 10:12:03 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{54d03c86-2b1d-410b-91c7-eb5788583265}\mpengine.dll
2011-04-27 06:43:19 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-27 00:04:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:04:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:04:17 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-05-19 15:00:02 89680 ----a-w- c:\users\stephenlouise\MSSSerif120.fon
2011-04-14 20:28:18 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 07:12:38 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:31:35.71 ===============

How do!

#4 fireman4it


Posted 22 May 2011 - 07:35 PM

Hello MaccaUK,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

3.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

4.
Install HijackThis:

You can download the latest version of HijackThis by clicking HERE.
Should you be prompted to save to a certain directory, please choose the desktop.
Note: Only this file should be saved to the desktop. During the installation process, you must allow HijackThis to install into its own directory.

Once you download the HijackThis Installer from the above link:

  • Double-click the new HJTInstall.exe icon on your desktop or your default download location.
  • An install window will appear, please accept all the default locations and settings. (Vista users may need to approve a notification from Windows. Please accept this warning if it appears, and allow the installation.)
  • Once installed, you will be presented with a list of options, please select 'Do a system scan and save a logfile'. (Vista users: you may need to close the program, then Right-click the HijackThis icon, choosing 'Run as Administrator')
  • Once the scan has completed, a 'Notepad' window will appear. This is the log I require.
  • In the notepad window, select 'Edit' from the top row, then 'Select all'
  • Again, in the notepad window, select 'Edit' again, this time choosing 'copy'
  • Close HijackThis by clicking the red X in the top right hand corner of the program's window.
  • Please reply to this message. In the reply window, please Right click, and select Paste
  • Once your log is posted, please close the Notepad window. You may also delete HJTInstall.exe from your desktop, as it is no longer required.

Note: DO NOT have HijackThis fix anything yet! Most of what it finds is legitimate, and DANGEROUS if misinterpreted!!
DO NOT use this program unless told to by a Trained Malware Removal Expert, and make sure you understand and follow ALL instructions. If you don't understand STOP and ASK!!!



Things to include in your next reply:
TDSSKiller log
aswMBR log
HijackThis log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 MaccaUK

MaccaUK
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:UK
  • Local time:07:01 AM

Posted 23 May 2011 - 04:22 AM

Hi again,

Many thanks for your latest reply, you're a gent! :)

Firstly I clicked on Windows Defender and it's already switched off currently.

Also I've carefully followed steps 2, 3 & 4 and will copy and paste all the logs below.

My PC seems to be running okay at the moment plus I've tried a few searches on Google and not been redirected once yet since you've been helping me.

MaccaUK


2011/05/23 09:40:18.0905 7184 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/23 09:40:19.0225 7184 ================================================================================
2011/05/23 09:40:19.0225 7184 SystemInfo:
2011/05/23 09:40:19.0225 7184
2011/05/23 09:40:19.0225 7184 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/23 09:40:19.0225 7184 Product type: Workstation
2011/05/23 09:40:19.0225 7184 ComputerName: STEPHENLOO-PC
2011/05/23 09:40:19.0225 7184 UserName: StephenLouise
2011/05/23 09:40:19.0226 7184 Windows directory: C:\Windows
2011/05/23 09:40:19.0226 7184 System windows directory: C:\Windows
2011/05/23 09:40:19.0226 7184 Processor architecture: Intel x86
2011/05/23 09:40:19.0226 7184 Number of processors: 4
2011/05/23 09:40:19.0226 7184 Page size: 0x1000
2011/05/23 09:40:19.0226 7184 Boot type: Normal boot
2011/05/23 09:40:19.0226 7184 ================================================================================
2011/05/23 09:40:20.0191 7184 Initialize success
2011/05/23 09:41:10.0955 6844 ================================================================================
2011/05/23 09:41:10.0955 6844 Scan started
2011/05/23 09:41:10.0955 6844 Mode: Manual;
2011/05/23 09:41:10.0955 6844 ================================================================================
2011/05/23 09:41:28.0985 6844 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/23 09:41:29.0036 6844 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/23 09:41:29.0082 6844 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/23 09:41:29.0110 6844 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/23 09:41:29.0149 6844 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
2011/05/23 09:41:29.0190 6844 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/23 09:41:29.0251 6844 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/23 09:41:29.0311 6844 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/23 09:41:29.0367 6844 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/23 09:41:29.0440 6844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/23 09:41:29.0514 6844 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/23 09:41:29.0538 6844 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/23 09:41:29.0600 6844 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/23 09:41:29.0669 6844 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/23 09:41:29.0812 6844 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/23 09:41:29.0917 6844 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/23 09:41:29.0970 6844 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/23 09:41:30.0039 6844 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/23 09:41:30.0095 6844 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
2011/05/23 09:41:30.0213 6844 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/05/23 09:41:30.0277 6844 \HardDisk2 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/23 09:41:30.0794 6844 ================================================================================
2011/05/23 09:41:30.0794 6844 Scan finished
2011/05/23 09:41:30.0794 6844 ================================================================================
2011/05/23 09:41:30.0808 2164 Detected object count: 1
2011/05/23 09:42:06.0095 2164 \HardDisk2 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/23 09:42:06.0095 2164 \HardDisk2 - ok
2011/05/23 09:42:06.0096 2164 Rootkit.Win32.TDSS.tdl4(\HardDisk2) - User select action: Cure
2011/05/23 09:42:38.0292 1464 Deinitialize success



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 09:50:48
-----------------------------
09:50:48.888 OS Version: Windows 6.0.6002 Service Pack 2
09:50:48.888 Number of processors: 4 586 0xF0B
09:50:48.888 ComputerName: STEPHENLOO-PC UserName: StephenLouise
09:51:02.533 Initialize success
09:52:04.293 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:52:04.293 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
09:52:04.298 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:52:04.298 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
09:52:04.313 Disk 0 MBR read successfully
09:52:04.313 Disk 0 MBR scan
09:52:04.318 Disk 0 unknown MBR code
09:52:04.323 Disk 0 scanning sectors +976768065
09:52:04.348 Disk 0 scanning C:\Windows\system32\drivers
09:52:10.003 Service scanning
09:52:11.278 Disk 0 trace - called modules:
09:52:11.293 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:52:11.298 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87143ac8]
09:52:11.303 3 CLASSPNP.SYS[8abae8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85dc9030]
09:52:11.308 Scan finished successfully
09:52:36.018 Disk 0 MBR has been saved successfully to "C:\Users\StephenLouise\Desktop\MBR.dat"
09:52:36.023 The log file has been saved successfully to "C:\Users\StephenLouise\Desktop\aswMBR.txt"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:05, on 23/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [ALDI Photo Service] "C:\Program Files\ALDI Photo Service\ALDI_Photo_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Users\STEPHE~1\AppData\Local\Temp\E_S36F9.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.habbo.co.uk/shockwave_client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3611137919-3730576838-3489630763-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3611137919-3730576838-3489630763-1001\..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15578 bytes

#6 fireman4it

Posted 23 May 2011 - 03:46 PM

Hello,

Your logs look pretty good. We have some leftovers and some other stuff we will fix this round. Let's also scan with a couple other scanners to make sure nothing else is hiding.


1.




Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Java™ 6 Update 23
  • Java™ 6 Update 5
  • Java™ 6 Update 7
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll


Then close all windows except HijackThis and click Fix Checked.

Restart

2.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


3.
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, go here: Adobe Update Page and scroll down to UPDATES/PROGRAMS. From there download: Adobe Reader 9.3.2 update - multiple languages and save it to your desktop.
  • Double-click the file AdbeRdrUpd932_all_incr.msp on your desktop to start installing the update and follow the prompts.
  • Once the update is done click Exit.
Your Adobe Reader is now up to date!

4.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

5.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Finally, please post a new HijackThis log, MBAM log, Eset log, and a description of any remaining problems.

Edited by fireman4it, 23 May 2011 - 03:48 PM.

" Extinguishing Malware from the world"

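The HijackThis step in the reply above asks for specific log lines to be ticked. As an added example (not part of the thread and not HijackThis's own logic), this Python pass parses HijackThis log lines and flags the kinds of entry that most warrant a manual look. The rule set and the names `triage_line` and `triage_log` are assumptions for illustration; the sample lines are copied from the log posted in this topic.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis log in this topic,
# mixing entries a reviewer would question with healthy ones for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O16 body: "DPF: {clsid} (optional display name) - download URL".
DPF_RE = re.compile(r"^DPF: \{[^}]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2"
    reason: str           # why the line was flagged
    clsid: Optional[str]  # COM class ID in the line, if any
    line: str             # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the review rules, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, process list, blank line, etc.
    section, body = m.group("section"), m.group("body").strip()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None

    # R0/R1: Internet Explorer start/search settings with nothing after "=".
    if section.startswith("R"):
        _, sep, value = body.partition("=")
        if sep and not value.strip():
            return Finding(section, "registry value is empty", clsid, line)

    # O2/O3: browser helper object or toolbar whose DLL no longer exists.
    if section in ("O2", "O3") and body.endswith("(no file)"):
        return Finding(section, "registered component points to a missing file", clsid, line)

    # O16: ActiveX download record that carries no display name.
    if section == "O16":
        dpf = DPF_RE.match(body)
        if dpf and dpf.group("name") is None:
            return Finding(section, "ActiveX download without a display name", clsid, line)

    # O23: service whose binary reports no company name.
    if section == "O23" and " - Unknown owner - " in body:
        return Finding(section, "service binary carries no company name", clsid, line)

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in log order."""
    findings = []
    for raw in text.splitlines():
        hit = triage_line(raw)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A flagged line is a prompt for review, not a verdict: legitimate software also produces unnamed downloads and services with no company name, so the output is a shortlist for a person to check.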


#7 MaccaUK


Posted 24 May 2011 - 05:08 PM

Hi again,

Thanks for the latest reply, I've gone through those steps and here's how I've got on.


Step 1.

I managed to successfully change the "hidden files types/system files/folders" options to how you said.

I carefully followed all the steps to remove the "Java 6 Update's 5, 7 & 23" but I get an error message
which is "removal failed due to Internal Error 2753. RegUtils" So they still remain unfortunately.

I followed your instructions about HijackThis and managed to remove the first four commands but these
three commands will not go away even after trying the process a few times.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll


Step 2.

I managed to install "Java Runtime Environment (JRE) Version 6" which I've noticed has now updated to
"Java™ 6 Update 25" in the Add or Remove Programs section but Updates 5 & 7 still remain. They are
being very stubborn and don't seem to want to uninstall.


Step 3.

I've installed "Adobe Reader X (10.0.1)" to my PC but there are two things it's not allowing me to do.
Once again I'm having problems uninstalling an older version, in this case "Adobe Reader 8.1.2" which
I get this error coming up when I try "Internal Error 2753. Updater.api_NON_OPT"

Secondly I'm also having a problem with this part of your instructions:

Once the installation is finished, go here: Adobe Update Page and scroll down to UPDATES/PROGRAMS. From
there download: Adobe Reader 9.3.2 update - multiple languages and save it to your desktop.
Double-click the file AdbeRdrUpd932_all_incr.msp on your desktop to start installing the update and follow
the prompts.

When I find that file and attempt to run it from desktop I get a long message saying "The upgrade patch
cannot be installed by the Windows Installer because the program to be upgraded may be missing, or the
upgrade patch may update a different version of the program. Verify that the program to be upgraded
exists on your computer and that you have the correct upgrade patch."


Step 4.

MBAM.log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6663

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

24/05/2011 15:06:24
mbam-log-2011-05-24 (15-06-24).txt

Scan type: Quick scan
Objects scanned: 188556
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\lcq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\installler.exe (Trojan.Banker) -> Quarantined and deleted successfully.


Step 5.

ESET OnlineScan Results.

C:\Program Files\Backup\Programs\DVD Programs\ConvertXToDVD v3.0.0.16.zip a variant of Win32/Keygen.AS application deleted - quarantined
C:\Program Files\Backup\Programs\DVD Programs\Sonic RecordNOW Deluxe v7.3 full version.zip a variant of Win32/Keygen.AQ application deleted - quarantined
C:\Program Files\Backup\Programs\Others\VSO ConvertXtoDVD 3.5.1.135+keygen.zip a variant of Win32/Keygen.AS application deleted - quarantined
C:\Program Files\Backup\Programs\Security\Hackers_toolkit_2005.zip multiple threats deleted - quarantined
C:\Program Files\Backup\Programs\Security\setuppestpatrol.zip probably unknown NewHeur_PE virus deleted - quarantined
C:\Program Files\Backup\Programs\Security\Webroot.Spy.Sweeper.v4.0.3.402.RETAiL[www.ToroBT.Com.Ar].rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Program Files\SightSpeed\images\AskToolbarInstaller.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\43be0f2c-6c2223f6 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined



Plus finally here is a new HijackThis.log as requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:05, on 23/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [ALDI Photo Service] "C:\Program Files\ALDI Photo Service\ALDI_Photo_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Users\STEPHE~1\AppData\Local\Temp\E_S36F9.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.habbo.co.uk/shockwave_client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3611137919-3730576838-3489630763-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3611137919-3730576838-3489630763-1001\..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15578 bytes


In general my PC is running well currently and the only main issues I can think of are the problems I seem to be having
at uninstalling old files/programs. Plus the three lines that wouldn't go away on "HijackThis" after I tried to fix them.
As you'll see they're still there on the above log.


Kind Regards

MaccaUK :thumbup2:
How do!
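The three entries that survive the fix in the post above can be picked out of a HijackThis log mechanically. The Python sketch below is an added example, not part of the thread and not HijackThis code; its function names and its two review heuristics are assumptions, and the sample lines are copied from the log posted above. A flagged line is a candidate for review, not a verdict.

```python
import re
from typing import NamedTuple, Optional

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 (BHO) / O3 (toolbar): "<code> - <kind>: <name> - {CLSID} - <file>"
BHO_TOOLBAR_RE = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (" + CLSID + r") - (.*)$")
# O16 (downloaded ActiveX): "O16 - DPF: {CLSID} [(name)] - <download URL>"
DPF_RE = re.compile(
    r"^(O16) - DPF: (" + CLSID + r")(?: \(([^)]*)\))? - (.*)$")


class Entry(NamedTuple):
    code: str
    clsid: str            # upper-cased so scans compare reliably
    name: Optional[str]   # None when an O16 line carries no "(name)"
    target: str           # file path, "(no file)", or download URL


# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
"""

# The three lines the poster reports as still present after "Fix checked".
FIXED_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
"""


def parse(log_text):
    """Return the O2, O3 and O16 entries of a HijackThis log as Entry tuples."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_TOOLBAR_RE.match(line)
        if m:
            code, name, clsid, target = m.groups()
            entries.append(Entry(code, clsid.upper(), name, target))
            continue
        m = DPF_RE.match(line)
        if m:
            code, clsid, name, target = m.groups()
            entries.append(Entry(code, clsid.upper(), name, target))
    return entries


def review(log_text):
    """Flag entries worth a second look, with the reason for each."""
    findings = []
    for e in parse(log_text):
        if e.code in ("O2", "O3") and e.target == "(no file)":
            # The registry reference is listed but no file is shown for it.
            findings.append((e, "browser add-on entry with no file behind it"))
        elif e.code == "O16" and e.name is None:
            # Heuristic (assumption): no object name shown for the CLSID.
            findings.append((e, "ActiveX download entry with no object name"))
    return findings


def still_present(fixed_lines, new_log):
    """Entries that were selected for fixing but appear again in a later scan."""
    wanted = {(e.code, e.clsid) for e in parse(fixed_lines)}
    return sorted(k for k in {(e.code, e.clsid) for e in parse(new_log)}
                  if k in wanted)


if __name__ == "__main__":
    for entry, reason in review(SAMPLE_LOG):
        print(entry.code, entry.clsid, "->", reason)
    print("survived the fix:", still_present(FIXED_LINES, SAMPLE_LOG))
```

Matching on the entry code plus CLSID rather than on the whole line keeps the comparison stable when the same entry is written with different letter case between scans.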

#8 fireman4it

Posted 24 May 2011 - 06:56 PM

Hello,


Try this for uninstalling those older versions of Java.

1.
Download and Run JavaRa

Please download JavaRa and save the file to your desktop.
  • Right click and Extract All and a new folder called "JavaRa" will be extracted
  • Once extracted, open that folder and run JavaRa.exe with the picture.
  • Select your Language which is probably English
  • Click Search For Updates
  • Select Update Using jucheck.exe
  • Click Search
  • If a newer version is found, allow it to be installed
  • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • It will now begin to remove older versions. Please be patient while it does the removal process.
  • Exit the tool when complete.
Reboot Your Computer Now.


2.
    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 MaccaUK

Posted 24 May 2011 - 07:55 PM

Hiya

Thanks for getting back to me again :)

I did step 1 and it gave the messages on screen saying everything has worked with deleting the older versions of Java.
Strangely they are still showing in the "add/remove programs" section of my PC but as I say the program definitely said
the procedure worked and it all seemed to go smoothly.


Also here are the OTL texts.


OTL logfile created on: 25/05/2011 01:33:04 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\StephenLouise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.87% Memory free
7.40 Gb Paging File | 5.84 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): c:\pagefile.sys 4603 5603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 352.22 Gb Free Space | 79.02% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.93% Space Free | Partition Type: FAT32
Drive J: | 931.28 Gb Total Space | 0.35 Gb Free Space | 0.04% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 52.36 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 415.36 Gb Free Space | 44.59% Space Free | Partition Type: NTFS

Computer Name: STEPHENLOO-PC | User Name: StephenLouise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/14 00:20:51 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/04/10 12:24:18 | 000,506,792 | ---- | M] (www.nerdoftheherd.com) -- C:\Program Files\Radio Downloader\Radio Downloader.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/10 11:28:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/11/14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007/10/19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007/10/15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/08 15:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/27 11:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 11:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 11:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 11:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/02/03 14:54:52 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/02/03 14:54:48 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/03/19 17:02:37 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/12/14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/11/08 17:36:25 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/09/21 01:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/06/27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/19 02:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/30 06:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 01:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/04/16 14:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/22 01:51:31 | 000,000,000 | ---D | M]

[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions
[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALDI Photo Service] C:\Program Files\ALDI Photo Service\ALDI_Photo_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Radio Downloader] C:\Program Files\Radio Downloader\Radio Downloader.exe (www.nerdoftheherd.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} https://www.coolroom.com/ActiveX/ax.dll (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell - "" = AutoRun
O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 01:31:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:03:16 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\StephenLouise\Desktop\JavaRa.exe
[2011/05/24 23:46:55 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3E5E0C92-AC44-4717-9089-3F06E1517555}
[2011/05/24 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/24 14:57:57 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\Malwarebytes
[2011/05/24 14:57:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/24 14:57:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/24 14:56:44 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/24 10:52:07 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{B8081BE6-4A14-4BDF-A91E-970402AC84AD}
[2011/05/23 09:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/05/23 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 09:53:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:50:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:39:58 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/22 23:30:30 | 000,606,738 | ---- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3CF01CED-6E29-4010-A126-ADCCB6A8E377}
[2011/05/22 10:27:23 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 03:00:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/22 01:52:25 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/22 01:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/05/22 01:23:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/05/22 01:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/21 15:31:26 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{9170A321-D9A0-4AC4-9087-3FBE20FDDC00}
[2011/05/21 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{BBFD3B51-86DE-41C0-BF5B-6FE32E5CBA85}
[2011/05/18 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{E317EA47-9B1E-45B6-AB42-0CE0CA3F9A73}
[2011/05/16 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{C2CDBC52-70B9-451E-BC0E-8A3996D27EFF}
[2011/05/15 23:05:54 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{7BE27D35-2131-4556-BBB8-B1900EF6632F}
[2011/05/14 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{90754768-6612-4C88-8E43-3679AD0DF23E}
[2011/05/14 13:42:50 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{22299146-9E59-4341-947B-1FA46FA283E0}
[2011/05/14 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{FC3A1553-3168-41D4-95EF-3E29C230EA22}
[2011/05/13 13:50:53 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{4DBC773A-3266-4F23-8A34-8157FA023039}
[2011/05/12 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{DABFEA44-4A36-4DB6-A9C2-8420188463DA}
[2011/05/11 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/10 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 2
[2011/05/10 00:16:20 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 1
[2011/05/04 00:06:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/04 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\Windows Live
[2011/05/03 23:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Radio Downloader
[2011/05/01 10:08:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/01 09:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/01 00:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/30 21:26:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2008/04/09 10:31:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.sys
[2006/07/11 15:29:00 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 01:32:49 | 000,647,164 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 01:32:49 | 000,124,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:26:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 01:26:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 01:26:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 01:03:47 | 000,211,968 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 01:02:59 | 000,159,772 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 23:52:04 | 115,877,052 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/24 19:42:09 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/24 14:57:32 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:56:58 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:45:05 | 011,850,240 | ---- | M] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:40:32 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 10:52:10 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 09:54:39 | 000,001,838 | ---- | M] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:53:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:52:36 | 000,000,512 | ---- | M] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/23 09:50:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:40:01 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/23 00:20:00 | 456,071,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/22 23:30:32 | 000,606,738 | ---- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 10:27:25 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 10:15:23 | 000,050,477 | ---- | M] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:53 | 000,133,632 | ---- | M] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 00:24:25 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/19 15:22:30 | 000,009,754 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/18 01:01:52 | 002,416,776 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/17 17:47:35 | 032,722,096 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2011/05/15 18:12:08 | 000,309,228 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/04 22:50:18 | 000,397,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/01 15:40:30 | 000,000,663 | ---- | M] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2011/05/01 10:29:05 | 000,001,764 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:08:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:01:20 | 000,007,326 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 09:54:48 | 000,009,652 | -HS- | M] () -- C:\ProgramData\3794764315
[2011/05/01 09:51:01 | 000,002,082 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/05/01 09:26:34 | 000,009,748 | -HS- | M] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
[2011/05/01 00:49:22 | 000,452,792 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[2011/04/30 23:34:31 | 000,009,956 | -HS- | M] () -- C:\ProgramData\385356780
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 01:03:16 | 000,309,228 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/25 01:03:16 | 000,003,127 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Nederlands.lng
[2011/05/25 01:03:16 | 000,003,027 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Français.lng
[2011/05/25 01:03:16 | 000,002,946 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Español.lng
[2011/05/25 01:03:16 | 000,002,920 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Italiano.lng
[2011/05/25 01:03:16 | 000,002,699 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Deutsch.lng
[2011/05/25 01:03:16 | 000,002,553 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Suomi.lng
[2011/05/25 01:02:58 | 000,159,772 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 23:52:04 | 115,877,052 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/24 14:57:32 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:39:23 | 011,850,240 | ---- | C] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:35:44 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 14:32:59 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/24 14:32:59 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/23 09:54:39 | 000,001,838 | ---- | C] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:52:36 | 000,000,512 | ---- | C] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/22 18:20:22 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/22 10:15:22 | 000,050,477 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:52 | 000,133,632 | ---- | C] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/20 15:40:20 | 456,071,076 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/19 15:22:22 | 000,009,754 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/18 01:11:21 | 000,000,913 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 13:41:24 | 002,416,776 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/04 00:05:42 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/04 00:05:27 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/04 00:05:02 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/04 00:04:23 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/01 10:29:04 | 000,001,764 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:01:18 | 000,007,326 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 09:54:48 | 000,009,772 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 09:54:48 | 000,009,652 | -HS- | C] () -- C:\ProgramData\3794764315
[2011/05/01 09:51:01 | 000,002,082 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/05/01 09:37:21 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/01 00:49:04 | 000,452,792 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[2011/04/30 23:34:31 | 000,009,772 | -HS- | C] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/04/30 21:26:49 | 000,009,956 | -HS- | C] () -- C:\ProgramData\385356780
[2011/04/30 21:26:25 | 000,009,748 | -HS- | C] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
[2010/08/14 22:53:17 | 000,000,760 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\setup_ldm.iss
[2009/11/10 11:35:28 | 000,000,048 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/17 02:15:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:15:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/03 15:27:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/06/03 15:26:58 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/03/31 16:43:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/03/31 16:43:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/03/31 16:43:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/03/31 16:38:42 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX585DEFGIPS.ini
[2009/02/09 03:36:20 | 000,001,008 | ---- | C] () -- C:\Windows\AZPR3.INI
[2008/12/24 14:29:30 | 000,974,848 | ---- | C] () -- C:\Windows\vorbis.dll
[2008/12/24 14:29:30 | 000,049,152 | ---- | C] () -- C:\Windows\ogg.dll
[2008/12/24 14:29:30 | 000,028,672 | ---- | C] () -- C:\Windows\vorbisfile.dll
[2008/08/10 23:36:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 18:22:56 | 000,000,567 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\AutoGK.ini
[2008/08/04 17:36:25 | 000,043,698 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2008/05/28 21:00:23 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/28 20:59:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/22 23:54:24 | 000,080,104 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_audio.Cache
[2008/04/25 14:56:49 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008/04/25 14:56:49 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2008/04/24 12:09:35 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/04/09 10:34:55 | 000,000,663 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2008/04/09 10:31:47 | 000,087,608 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\inst.exe
[2008/04/09 10:31:47 | 000,007,887 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.cat
[2008/04/09 10:31:47 | 000,001,144 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.inf
[2008/04/08 19:21:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/03 12:25:27 | 000,033,533 | ---- | C] () -- C:\Windows\System32\CoreVorbis-uninstall.exe
[2008/04/03 12:25:21 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2008/04/03 12:25:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MMAVILNG.exe
[2008/04/03 12:23:31 | 000,011,270 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/04/03 12:23:31 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\689F9E7409.sys
[2008/03/18 19:03:59 | 032,722,096 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2008/03/18 18:49:13 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/03/18 18:49:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/18 02:18:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/18 02:18:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/18 02:18:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/18 02:18:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/18 02:18:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/18 02:18:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/18 02:18:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/18 02:18:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/18 02:18:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/18 02:18:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/18 02:18:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/18 02:18:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/14 14:06:34 | 000,007,592 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\d3d9caps.dat
[2008/03/14 03:28:12 | 000,026,340 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\UserTile.png
[2008/03/14 02:57:22 | 000,000,000 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\wklnhst.dat
[2008/03/14 02:34:54 | 000,000,092 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Default.PLS
[2008/03/14 01:01:37 | 000,211,968 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 03:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 03:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/07 14:07:42 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/11/08 16:39:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/08 06:58:42 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2006/12/30 18:48:38 | 000,000,491 | ---- | C] () -- C:\Windows\powermp3cutterjoiner.ini
[2006/12/11 19:24:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,397,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,647,164 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,124,162 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 13:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/09 05:19:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/09 05:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/09 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006/08/09 02:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/11/05 20:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2004/12/12 19:41:12 | 000,000,463 | ---- | C] () -- C:\Windows\Windir.ini
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL

========== LOP Check ==========

[2011/05/22 01:52:25 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/01 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Azureus
[2008/04/15 21:21:48 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Broderbund
[2010/09/06 02:06:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/01 10:52:36 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\EPSON
[2010/12/13 02:25:32 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\FLV Extract
[2011/05/22 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\GrabIt
[2008/03/21 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Jasc
[2008/03/14 23:43:21 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Leadertech
[2009/12/31 14:53:13 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\LimeWire
[2008/03/19 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Netscape
[2009/04/26 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Nokia
[2009/04/26 00:06:10 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PC Suite
[2008/03/18 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PeerNetworking
[2008/03/19 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Photodex
[2009/12/09 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Sports Interactive
[2008/03/14 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Template
[2008/03/14 01:20:01 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Ulead Systems
[2011/05/25 01:23:50 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\uTorrent
[2008/08/04 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\VideoReDoPlus
[2011/05/01 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Vso
[2009/11/15 03:27:02 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Windows Live Writer
[2011/02/02 03:41:29 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\www.nerdoftheherd.com
[2011/05/25 01:24:44 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/24 19:42:09 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 07:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007/10/08 15:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >




OTL Extras logfile created on: 25/05/2011 01:33:05 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\StephenLouise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.87% Memory free
7.40 Gb Paging File | 5.84 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): c:\pagefile.sys 4603 5603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 352.22 Gb Free Space | 79.02% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.93% Space Free | Partition Type: FAT32
Drive J: | 931.28 Gb Total Space | 0.35 Gb Free Space | 0.04% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 52.36 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 415.36 Gb Free Space | 44.59% Space Free | Partition Type: NTFS

Computer Name: STEPHENLOO-PC | User Name: StephenLouise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [ALDI photobook.exe] -- "C:\Program Files\ALDI\ALDI photobook\ALDI photobook.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Windir] -- "C:\Program Files\Windir\wdir.exe" "%1" (ROZ)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\PANDORA.TV\Mini\MiniWB.exe" = C:\Program Files\PANDORA.TV\Mini\MiniWB.exe:*:Enabled:MiniWB.exe
"C:\Program Files\PANDORA.TV\Mini\MiniUpdate.exe" = C:\Program Files\PANDORA.TV\Mini\MiniUpdate.exe:*:Enabled:MiniUpdate.exe
"C:\Program Files\PANDORA.TV\Live\Live.exe" = C:\Program Files\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe
"C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe" = C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe" = C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe" = C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0087ACC4-A7AC-463F-820E-BD4D104542DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{05C9B2C3-DF38-4CF6-AA2B-105C252982F7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0600CDD1-8AA2-4554-B961-D79D9E33148E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DCDDC15-E138-4F15-86E5-246902140041}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0E0996BE-5A44-4519-8569-C6D210B7FA39}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{11C3B46E-8698-480C-925A-0B11B6D6C567}" = rport=10243 | protocol=6 | dir=out | app=system |
"{19EF9FF0-2AB3-4B47-89A4-49F0035AE397}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1DC8022D-BFD9-4615-90C2-B70D37B7F45B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1EE10BF1-C5F9-4BD4-BCFE-29B925CEC29E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22A1D297-C4EC-432B-91A8-34FC7A1D2576}" = lport=5358 | protocol=6 | dir=in | app=system |
"{2327CE7E-4C68-4AB8-827C-D24C8097A826}" = rport=5358 | protocol=6 | dir=out | app=system |
"{24171A7A-C9E6-441F-82C3-C383BD732ED3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24A39E51-4339-4C14-A15F-27B3A53C8546}" = rport=139 | protocol=6 | dir=out | app=system |
"{2ACBDDBD-6A65-481B-85A7-68F4AEFA1EA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{358D8A41-43C5-44B1-9812-802E22909905}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{360200BB-9C0B-4000-8980-2B7C40DC0B64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D41FDC3-ED3E-4E7E-B892-A5950FDA8119}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{40B5A68E-D72A-4679-9280-8908E2858ED8}" = rport=138 | protocol=17 | dir=out | app=system |
"{44CF94A3-0CCA-4789-BE9C-64DCB43085D2}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{47D8182B-4791-4D5B-BD0F-B6C3503F5D8C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{48126418-D1F9-4755-AE34-C9DA361BB7C2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4A333EB9-3115-46B4-8E07-AB8EE95A92D7}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{4CC3DF80-F1C4-4D3C-BEAF-7A9274C13A3B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{54B0B8AD-06C8-4F09-A037-6BE96A2D754C}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{566919D2-20ED-4FB8-A6C5-04D85913420B}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{5981D8EF-492E-41AF-A62B-B03B307BD6D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5C722FA4-FFDC-46B0-9E96-1C01E6428188}" = rport=5357 | protocol=6 | dir=out | app=system |
"{5E6B98A3-746A-45E4-8DE7-05E06689AD00}" = lport=139 | protocol=6 | dir=in | app=system |
"{61506F9F-0A64-439D-993F-8B345AA40594}" = lport=10243 | protocol=6 | dir=in | app=system |
"{629B9AA6-3948-4AE1-8CC1-8BF4A15F2D23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63248634-E041-4768-9447-EE9C7A02CC4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6879A4CE-58D0-4D00-AAC1-82C8F02AA96B}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A9BD03D-3A5E-4783-A1EB-74979A75E1B9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7DB44DA5-AD80-4A73-8E86-BEF323AC1B94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E8898F1-45EC-46DB-BAA4-89D82A65763B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{80154EE8-1282-4946-AB86-964DFA520F3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{852936A6-9F55-425E-847A-AEC1FFFB9F0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{86CF11F0-1139-4086-A9CA-8F9C3158D273}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8BA2A988-4BA4-43D7-B884-1DB7F1356AB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96B54A42-4C2E-49EC-BEE3-72C1068E7E8B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99E5E35D-03E6-4599-B562-6AADFCC8788C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AA8C9F3-E98B-4368-8A70-3F7AC926FDE5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A78AE334-B7AC-4387-86ED-A918AF1BF2CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA543D1F-3508-4095-81E8-1A58D1BCCC99}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{AEB2EF0F-4CE0-4AA8-9CE4-61520D2BEF92}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B268B4C3-99F3-45F9-99F1-08FB742D03AB}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{B3EF935A-0315-46ED-9037-E06B3AFE89A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4790EFD-7B83-43E3-B0AB-55B099663CB1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B6A37AA1-C5FF-461B-BF8D-5AF3EE603CDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7CFA05D-E816-4FA4-8B82-5400D395932B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF9BA848-D2C7-4BDD-AFAC-35002EBF9A93}" = lport=5357 | protocol=6 | dir=in | app=system |
"{C0C988BA-50F8-4924-AE2C-05F3C9E72ABB}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{C4FB96AB-3BD0-45C3-ABB9-F0296927ABB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8BC0EC2-E345-4F48-A689-562A1EA5CB68}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{CD48735D-398F-4806-ADB6-CAE6AA38721C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E45A47-5A5B-4484-9076-0DDF4B39D6F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2F039AC-BEF4-423D-A0C1-A533AB647699}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5B42CAD-6CAA-4620-9047-102405C04C91}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D901E623-9603-4DEE-88A2-100B48D9F063}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{DFBC967A-0EC4-4B06-84CF-9C6F8C797858}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFD3A038-BF16-4ECC-8E22-1D292CA14D3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{E09DA101-2EB8-4FB5-9224-FE5D0A14528E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E178E2C3-D141-4472-AD14-80B9BEBD9004}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3FA8FC7-FC8A-4F11-81A1-A14708C6B4B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5B546AC-AD1E-493F-A2AF-133C6D3651CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6EE3A88-F70D-4E44-ADB0-E12F674C9DA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E78E2737-D191-4CB1-946C-D126E6FDFEE8}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E8E0D63F-9909-46E9-8D02-AB504E8CE71E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{EE47A7EC-0DF0-4700-97B3-68CBF5585125}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EF854EC7-5760-4F79-9808-1A2B1F8FCA8B}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EFAFA777-39BB-4009-A301-0396F3F3DCD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6562D5D-8FE2-4BCE-AD20-1A5376EEB942}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F71D1055-DEEB-41FB-B993-3E69A8EBF500}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBB75C0C-9FAF-47E9-BB91-C26F62D05CDC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{FF589564-75B2-471A-A867-A10E766EA8CA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C9AE26-5892-4331-9110-5DC9580B9748}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{08197A6A-8312-4C38-BC37-4682A5DC7DB6}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0B1D8D62-73E3-44EC-B86F-D5C9D3ED9D29}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0CD72A99-3B48-4442-99C0-3D442134613F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{112A14C5-BEB3-430E-9752-FAAE7B2FED55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15B55375-7A50-41D1-8DB8-11B992236969}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{15D2670F-2084-4184-A6C5-5D7EC4E96286}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{192ADD63-3AAA-4253-9E48-52D3DE74FD92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19AAC7EB-CCB5-47AA-BD65-55D1D832E48F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E064344-64F0-4F8D-8E00-4D1FE61EF519}" = protocol=6 | dir=in | app=c:\program files\codemasters\ashes cricket 2009\cricket2009.exe |
"{1FE9D9CF-2DDC-4A05-866F-23D9B75369F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23D7C123-2037-44FD-9680-E64284118AEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24131E6B-8605-4A96-9452-56CDD4863088}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{243D91FD-6F63-495F-A82E-9ABC588A9DDE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{26FB2585-2392-4143-8BCF-C9478EF003A4}" = protocol=6 | dir=out | app=system |
"{2CA0959F-12C2-4F59-9630-D07ABCFB9F8F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{2FD3BEAC-F943-4C5A-A6E8-80930889DCA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32B184C6-3DB0-4CFC-8529-1D507770E7D8}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{39225C1B-0207-4B32-90BB-1AC723913C17}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3E3B443C-C0BB-445A-91B4-6BD38982FD36}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{4428DC5E-C14B-453E-9A9B-4FC189016082}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{451DC902-D3E9-4ED0-BB3E-5903C93E4C54}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{49E204AD-B42D-4192-BF04-F7FA0A478D08}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{5613FFCB-880E-4FB1-B5A8-A94BF08F3BCA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5BB38AA7-B953-44CC-9CFB-CBE45F8A6B24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F3C0D9F-05B7-43C1-A5DE-9ADB3102BEF1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{66A88ADD-0EFE-4042-BC9B-352A51F76AFA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{69830E6B-7697-4486-A459-E53262596D0D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{69CFAA47-7831-481C-864D-9F4AC0BC3D18}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{6A8C141C-A713-43B5-94A4-0B2CE6ABABCA}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{6B69600B-4020-4BF4-9E75-5B6F75C1BA3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6BF8E7BA-783F-4E76-9BF5-D26BC63832AC}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{7071EBD8-AAB2-4E8C-A7E2-34A836EE7483}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7228B52F-D027-4514-A5EC-3F28490AAFFA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{744F3C9C-9CF9-48FB-BA77-CA89C02929CA}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{74668E37-19CF-47CC-BD50-2EAE524A0D7E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{75BB85EE-A28E-4804-8895-1422CC6A063D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76207BD9-CE86-4CB4-9523-6CC52A2E19F1}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{7918AB22-D3BA-4EB8-B436-4269AA468893}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{7B9851A6-2AEE-4017-81D4-3865DA9DC2B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7E86C10F-C14F-47A5-96B5-CB825A69B864}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F0B5826-8A3C-4472-9096-A41F5FDA83CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84907B95-2F30-48C1-8A32-6512CB7AA48C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{883BD8C1-D4BA-424F-BAFE-B55AD86BBB97}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{8C7B248E-12A9-4F2C-831F-7DE01E553C65}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{91714EE5-6DAC-4EA6-83BF-328EFB86844E}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{9234D7F9-7529-4A66-99A0-4E54D9C000F5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{97399B3B-5B47-42E7-A06B-D537B818CC05}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{98FF0929-0439-472B-89A4-5AB7C26109DA}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9CD1EEE7-2C6F-4495-B370-60761D5841D1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F7CD9A8-D7A1-471A-ACD9-C7E1C4A1271D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0AE923C-516E-4152-AFC2-FD7FC00459F0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A0B0AE7F-AA63-4D3B-8295-AACA17D49EAB}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{A710B645-684C-493E-8D30-5E61CCCFB815}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AC18ABFE-444D-4453-82A3-6AF43AFABFD0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC591EC9-98C3-4A9E-A683-3D0EFCF28AB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AC68DB28-4A50-4C7A-8D7B-7D003986902A}" = protocol=17 | dir=in | app=c:\program files\codemasters\ashes cricket 2009\cricket2009.exe |
"{B03D91A0-8D19-4C20-A1C8-860D2258FE15}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B06AE0D0-FD72-4133-B98E-4854EA896170}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1EE3FED-D927-4397-A395-FABCF3A94AB5}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{B298698C-C3E6-42F9-9A74-96CAC62657D1}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{B3043633-15B5-433A-B326-75D5A26DF289}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B5682D24-81A5-40FB-B171-7F4DCC0DCD9A}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{B63E1859-11AC-42DA-B16D-BEC20EC4DCF2}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{B73F2206-54C0-4769-BCA2-AF3F2E2452F1}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{BA5F5D6B-03B7-4528-BABE-F8B05C932FB1}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{BD3A6976-449D-4B76-B34C-D2044CBC09E6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C63D4D93-8DA0-43FC-A63B-9B66C644B68D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{C7E37A06-838D-45EB-84A5-178CF8EC901D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAA9DF4E-1CC7-4DA4-833B-7880DCE99AB8}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CAE32F3D-386C-4F73-ADBC-FBCE7DB979F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD5D815E-7571-49CD-8DC6-A75CFAFA172B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CE68F62B-4BB5-44FC-BA77-52CBA6EC974D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D19DBA3D-0758-4541-BABD-9C3D3FD59320}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D7CBCAA2-07DA-4D89-BFF1-03E2657DF0C1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{DCAFFA64-E715-4DC2-B492-F3A7D11ADF1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3669F5A-6769-432C-BE0F-9C2552B99491}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{E975BAD2-F916-492D-8FE6-0EB4D720B91B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{ECFA88A5-3637-46EC-9AFD-7ED6FC29974D}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{ED6D907F-8325-4B7B-81BB-EE4CFC8B85AB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F1650C06-FF4C-4AC1-AC25-9327F6941A7F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FA911BE1-40B6-4DBF-9BE1-B44AC0E78D78}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{05B05945-EF87-4D84-AED2-2842629C0D1D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1489FD42-74B8-4090-B678-A1253635D919}C:\program files\sightspeed\sightspeed.exe" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"TCP Query User{2FC68493-78FC-499C-9A7D-3028FC129447}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{33A33F93-3625-4C6E-9F43-EC0251A01BF9}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{354F5A7F-E0B1-427D-9389-8DDCE1C22806}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{45940DCC-2382-423D-A2A5-B7C067FFAE06}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{54E13DE4-499E-4A73-A182-EAB86E7AEAF5}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{568EA4AC-2227-4AE6-8093-81EA7FA97926}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{5ED1D8FB-D70D-4132-A5BF-9550D7A07BF7}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{69AF5368-73BE-426C-BD9B-13A44AE6181E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{81AE08F4-CDB1-46C3-B879-DD49995B918F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8238734D-C3F8-4347-90C1-5974FD4F680C}C:\program files\screamer radio\screamer.exe" = protocol=6 | dir=in | app=c:\program files\screamer radio\screamer.exe |
"TCP Query User{8480A3D2-0B78-4CEF-8A9A-86BFAAEFF4D7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8A549B49-589C-4EEC-9F53-A8696F4CC57B}C:\program files\roxio\label creator 9\rxlabelcreator9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\label creator 9\rxlabelcreator9.exe |
"TCP Query User{983BBAE2-AE4D-4E61-A50F-A138179891A7}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{ADB85420-3E39-4F27-8181-5079FEC32AAB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B5AA5039-3ED4-4AC6-B768-4EF693B883E1}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{D46EA6A4-1EB6-482F-BC36-005F0CCF9CE4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{F206D641-C50F-4BED-ADC7-6E2BA89EC8FF}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{F9EB7CB5-8509-46D0-941F-C5280F5BEAB7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{22BF9FB2-D224-4916-8A5B-3C52F2C8221D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2641F7EB-5F85-474C-AB58-C8518AFDA972}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{2BAE7770-049D-4B58-B9F2-E48BC78EBF6C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{40F54999-702B-46D2-A44C-CFF1CF7D08DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4428C0D4-87D9-421A-A203-91AFA356840B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{4CDAED14-135E-4A87-936E-FAF3130884B1}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{5763A07F-7479-4BE4-B5F6-5EC055EBEAA6}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{64846102-ED36-43FE-A220-1F116B43DE05}C:\program files\sightspeed\sightspeed.exe" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"UDP Query User{65733FEB-F4BF-4E82-A579-814699D14B85}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{680A4220-EA0C-4ADC-8499-D2A258C5E41C}C:\program files\screamer radio\screamer.exe" = protocol=17 | dir=in | app=c:\program files\screamer radio\screamer.exe |
"UDP Query User{6B8194A4-4D9B-4FF6-BAF6-FB869C6B773C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6B9C58C6-2D73-429B-8AC0-BD40778A7E3E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{8628C373-7DAD-49E4-999B-B26F503902FF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{93509BE0-4C02-44C2-B410-7232511A9606}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{AEA2610A-C414-4D48-80B8-F68B088CBBDD}C:\program files\roxio\label creator 9\rxlabelcreator9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\label creator 9\rxlabelcreator9.exe |
"UDP Query User{B32841B8-9BD4-4244-8607-FD720B76CCF3}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{BBFE3920-CF16-4A47-B85F-62838E83FBBE}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{E4B674D4-C7F2-4D40-9200-6A4DB4715208}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E6D57B8B-814D-4D27-A87A-74EE87610BBB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{EB546A6A-2E70-4740-8AB6-33AB1A13C409}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 25
"{27113CA3-36B8-48AB-A419-79CF1FC0ECED}" = Ulead VideoStudio 5.0 DV
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{430E869A-13C9-4AE3-9F95-35D5B19E4699}" = Cake Mania 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5BB977A4-E843-4E31-9859-745F442B1033}" = Nero 8 Essentials
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70F6CE67-48A6-44F9-80ED-DE074B502785}" = Garfield's Typing Pal
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
"{79DC723D-01E1-40EC-B045-D65D85721720}" = Radio Downloader
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B39736E-7C8C-4A32-82C1-F94245F20D85}" = Ashes Cricket 2009
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Deluxe
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0
"{C3C538E5-524C-4253-AA74-0EEEF34990EA}" = DiscJuggler
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC1F9C12-AFC9-4D35-BEF1-0F8AD138D28F}" = Usb disk Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2041
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"3D Christmas Cottage Full Screen Saver" = 3D Christmas Cottage Full Screen Saver
"4oD" = 4oD
"Absolute Sound Recorder_is1" = Absolute Sound Recorder version 3.6.9
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Photo Service UK" = ALDI Photo Service 1.12.0.99 (UK)
"ALDI photobook" = ALDI photobook
"Arial Audio Converter_is1" = Arial Audio Converter version 2.3.8
"AutoGK" = Auto Gordian Knot 2.45
"AVG" = AVG 2011
"Avi To MPEG Scout_is1" = Avi To MPEG Scout
"AviSynth" = AviSynth 2.5
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Cake Mania 2_is1" = Cake Mania 2
"Cake Mania-MainStreet ." = Cake Mania-MainStreet .
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"Download-for-Free - Free Christmas Lights ScreenSaver" = Free Christmas Lights ScreenSaver v1.0 (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.0.6 Beta
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo RX585_RX610 User's Guide" = EPSON Stylus Photo RX585_RX610 Manual
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2010" = Family Tree Maker 2010
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Google Desktop" = Google Desktop
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"GrabIt_is1" = GrabIt 1.7.2 Beta 3 (build 996)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{8B39736E-7C8C-4A32-82C1-F94245F20D85}" = Ashes Cricket 2009
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.7.5
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP3 Splitter & Joiner Pro_is1" = MP3 Splitter & Joiner Pro 3.48
"NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Photodex Presenter" = Photodex Presenter
"Power MP3 Cutter Joiner_is1" = Power MP3 Cutter Joiner 1.12
"PROSetDX" = Intel® PRO Network Connections 12.2.41.0
"ProShow Gold" = ProShow Gold
"QuickPar" = QuickPar 0.9
"RapidTyping" = RapidTyping
"RealPlayer 12.0" = RealPlayer
"SightSpeed" = SightSpeed (remove only)
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SopCast" = SopCast 3.0.3
"ST6UNST #1" = Media Audio Capture
"Tetris Game Topdownloads" = Tetris
"TVUPlayer" = TVUPlayer 2.3.7.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"VobSub" = VobSub v2.23 (Remove Only)
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windir_4.31" = Windir 4.30
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wondershare DVD Slideshow Builder_is1" = Wondershare DVD Slideshow Builder 3.1.0
"X10Hardware" = X10 Hardware™
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/05/2011 09:37:32 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 24/05/2011 09:42:49 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 24/05/2011 09:57:41 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 24/05/2011 10:13:03 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 24/05/2011 13:14:45 | Computer Name = StephenLoo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0xd94, application
start time 0x01cc1a1d05af16b5.

Error - 24/05/2011 19:05:00 | Computer Name = StephenLoo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0x6fc, application
start time 0x01cc1a64ac308bd5.

Error - 24/05/2011 20:23:23 | Computer Name = StephenLoo-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0x6a4, application
start time 0x01cc1a6e73e4ba35.

Error - 24/05/2011 20:28:26 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 24/05/2011 20:28:52 | Computer Name = StephenLoo-PC | Source = Application Hang | ID = 1002
Description = The program osk.exe version 6.0.6002.18005 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 160c Start Time: 01cc1a727ef07916 Termination Time: 0

Error - 24/05/2011 20:30:00 | Computer Name = StephenLoo-PC | Source = MsiInstaller | ID = 10005
Description =

[ IntelDH Events ]
Error - 12/05/2011 08:11:15 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 17/05/2011 20:03:51 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 18/05/2011 03:35:47 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 21/05/2011 11:17:05 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 21/05/2011 20:44:49 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 23/05/2011 04:42:39 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 23/05/2011 18:34:01 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 24/05/2011 05:54:30 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 24/05/2011 09:07:11 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 24/05/2011 20:24:07 | Computer Name = StephenLoo-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

[ Media Center Events ]
Error - 24/05/2011 05:25:44 | Computer Name = StephenLoo-PC | Source = ehRecvr | ID = 3
Description =

[ OSession Events ]
Error - 08/06/2010 17:52:36 | Computer Name = StephenLoo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/05/2011 09:40:25 | Computer Name = StephenLoo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/05/2011 10:09:30 | Computer Name = StephenLoo-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 24/05/2011 10:11:23 | Computer Name = StephenLoo-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 24/05/2011 10:11:23 | Computer Name = StephenLoo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24/05/2011 10:13:06 | Computer Name = StephenLoo-PC | Source = DCOM | ID = 10016
Description =

Error - 24/05/2011 20:15:18 | Computer Name = StephenLoo-PC | Source = DCOM | ID = 10016
Description =

Error - 24/05/2011 20:25:36 | Computer Name = StephenLoo-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 24/05/2011 20:27:26 | Computer Name = StephenLoo-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 24/05/2011 20:27:26 | Computer Name = StephenLoo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24/05/2011 20:28:58 | Computer Name = StephenLoo-PC | Source = DCOM | ID = 10016
Description =


< End of report >

#10 fireman4it


Posted 24 May 2011 - 09:27 PM

Hello,

Almost finished,

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
    O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell\AutoRun\command - "" = J:\DPFMate.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/05/01 09:54:48 | 000,009,652 | -HS- | M] () -- C:\ProgramData\3794764315
    [2011/04/30 23:34:31 | 000,009,956 | -HS- | M] () -- C:\ProgramData\385356780
    [2011/05/01 09:26:34 | 000,009,748 | -HS- | M] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
    [2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/01 09:54:48 | 000,009,652 | -HS- | C] () -- C:\ProgramData\3794764315
    [2011/04/30 23:34:31 | 000,009,772 | -HS- | C] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/04/30 21:26:49 | 000,009,956 | -HS- | C] () -- C:\ProgramData\385356780
    [2011/04/30 21:26:25 | 000,009,748 | -HS- | C] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


2.
  • 1. Double click on the OTL icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
  • OTL.txt <-- Will be opened; copy and paste it in a reply here:


Things to include in your next reply:
OTL fix log
Otl.txt
How is your machine running now?


#11 MaccaUK


Posted 24 May 2011 - 10:08 PM

Hi there,

This is all a very good education for me! I thought I knew a bit about PCs, but to get help from someone as expert
as yourself in this field is a real eye opener and I truly appreciate all of your help, thank you. :clapping:

My PC is running good, thanks. It is great to be able to iron out all the problems that must have slowly built up in the
machine over the years.

All the best,

MaccaUK

Here's the OTL fix log.

All processes killed
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell\AutoRun\command - "" = J:\DPFMate.exe> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) - File not found> in the current context!
Error: Unable to interpret <[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k> in the current context!
Error: Unable to interpret <[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k> in the current context!
Error: Unable to interpret <[2011/05/01 09:54:48 | 000,009,652 | -HS- | M] () -- C:\ProgramData\3794764315> in the current context!
Error: Unable to interpret <[2011/04/30 23:34:31 | 000,009,956 | -HS- | M] () -- C:\ProgramData\385356780> in the current context!
Error: Unable to interpret <[2011/05/01 09:26:34 | 000,009,748 | -HS- | M] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301> in the current context!
Error: Unable to interpret <[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm> in the current context!
Error: Unable to interpret <[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm> in the current context!
Error: Unable to interpret <[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm> in the current context!
Error: Unable to interpret <[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm> in the current context!
Error: Unable to interpret <[2011/05/01 09:54:48 | 000,009,652 | -HS- | C] () -- C:\ProgramData\3794764315> in the current context!
Error: Unable to interpret <[2011/04/30 23:34:31 | 000,009,772 | -HS- | C] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k> in the current context!
Error: Unable to interpret <[2011/04/30 21:26:49 | 000,009,956 | -HS- | C] () -- C:\ProgramData\385356780> in the current context!
Error: Unable to interpret <[2011/04/30 21:26:25 | 000,009,748 | -HS- | C] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 2660 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63287 bytes

User: Public

User: StephenLouise
->Temp folder emptied: 17192338 bytes
->Temporary Internet Files folder emptied: 382368230 bytes
->Java cache emptied: 50099801 bytes
->Apple Safari cache emptied: 11770880 bytes
->Flash cache emptied: 2889255 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23946277 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 466.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: IUSR_NMPR

User: Mcx1

User: Public

User: StephenLouise
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05252011_034400

Files\Folders moved on Reboot...
C:\Users\StephenLouise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8I7DQ0TP\page__p__2258398__fromsearch__1[1].htm moved successfully.
File move failed. C:\Windows\S748D39BF.tmp scheduled to be moved on reboot.
C:\Windows\temp\JETA3DC.tmp moved successfully.
C:\Windows\temp\~ROMFN_00001444 moved successfully.

Registry entries deleted on Reboot...



Here's the OTL txt.

OTL logfile created on: 25/05/2011 03:55:02 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\StephenLouise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 44.99% Memory free
7.40 Gb Paging File | 5.66 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): c:\pagefile.sys 4603 5603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 352.01 Gb Free Space | 78.97% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.93% Space Free | Partition Type: FAT32
Drive J: | 931.28 Gb Total Space | 0.35 Gb Free Space | 0.04% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 51.98 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 408.24 Gb Free Space | 43.83% Space Free | Partition Type: NTFS

Computer Name: STEPHENLOO-PC | User Name: StephenLouise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/14 00:20:51 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/04/10 12:24:18 | 000,506,792 | ---- | M] (www.nerdoftheherd.com) -- C:\Program Files\Radio Downloader\Radio Downloader.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/10 11:28:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/11/14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007/10/19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007/10/15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/08 15:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/27 11:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 11:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 11:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/06/13 02:07:50 | 000,097,128 | R--- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
PRC - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 11:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/02/03 14:54:52 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/02/03 14:54:48 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/03/19 17:02:37 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/12/14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/11/08 17:36:25 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/09/21 01:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/06/27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/19 02:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/30 06:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 01:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/04/16 14:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/22 01:51:31 | 000,000,000 | ---D | M]

[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions
[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/05/25 03:44:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALDI Photo Service] C:\Program Files\ALDI Photo Service\ALDI_Photo_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Radio Downloader] C:\Program Files\Radio Downloader\Radio Downloader.exe (www.nerdoftheherd.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} https://www.coolroom.com/ActiveX/ax.dll (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell - "" = AutoRun
O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 03:44:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 01:31:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:03:16 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\StephenLouise\Desktop\JavaRa.exe
[2011/05/24 23:46:55 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3E5E0C92-AC44-4717-9089-3F06E1517555}
[2011/05/24 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/24 14:57:57 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\Malwarebytes
[2011/05/24 14:57:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/24 14:57:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/24 14:56:44 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/24 10:52:07 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{B8081BE6-4A14-4BDF-A91E-970402AC84AD}
[2011/05/23 09:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/05/23 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 09:53:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:50:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:39:58 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/22 23:30:30 | 000,606,738 | ---- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3CF01CED-6E29-4010-A126-ADCCB6A8E377}
[2011/05/22 10:27:23 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 03:00:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/22 01:52:25 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/22 01:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/05/22 01:23:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/05/22 01:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/21 15:31:26 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{9170A321-D9A0-4AC4-9087-3FBE20FDDC00}
[2011/05/21 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{BBFD3B51-86DE-41C0-BF5B-6FE32E5CBA85}
[2011/05/18 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{E317EA47-9B1E-45B6-AB42-0CE0CA3F9A73}
[2011/05/16 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{C2CDBC52-70B9-451E-BC0E-8A3996D27EFF}
[2011/05/15 23:05:54 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{7BE27D35-2131-4556-BBB8-B1900EF6632F}
[2011/05/14 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{90754768-6612-4C88-8E43-3679AD0DF23E}
[2011/05/14 13:42:50 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{22299146-9E59-4341-947B-1FA46FA283E0}
[2011/05/14 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{FC3A1553-3168-41D4-95EF-3E29C230EA22}
[2011/05/13 13:50:53 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{4DBC773A-3266-4F23-8A34-8157FA023039}
[2011/05/12 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{DABFEA44-4A36-4DB6-A9C2-8420188463DA}
[2011/05/11 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/10 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 2
[2011/05/10 00:16:20 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 1
[2011/05/04 00:06:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/04 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\Windows Live
[2011/05/03 23:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Radio Downloader
[2011/05/01 10:08:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/01 09:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/01 00:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/30 21:26:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2008/04/09 10:31:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.sys
[2006/07/11 15:29:00 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 03:56:23 | 000,647,164 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 03:56:23 | 000,124,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 03:50:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 03:50:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 03:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 03:44:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/25 03:43:35 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/25 03:40:14 | 000,224,256 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:02:59 | 000,159,772 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 23:52:04 | 115,877,052 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/24 14:57:32 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:56:58 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:45:05 | 011,850,240 | ---- | M] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:40:32 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 10:52:10 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 09:54:39 | 000,001,838 | ---- | M] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:53:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:52:36 | 000,000,512 | ---- | M] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/23 09:50:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:40:01 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/23 00:20:00 | 456,071,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/22 23:30:32 | 000,606,738 | ---- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 10:27:25 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 10:15:23 | 000,050,477 | ---- | M] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:53 | 000,133,632 | ---- | M] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 00:24:25 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/19 15:22:30 | 000,009,754 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/18 01:01:52 | 002,416,776 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/17 17:47:35 | 032,722,096 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2011/05/15 18:12:08 | 000,309,228 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/04 22:50:18 | 000,397,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/01 15:40:30 | 000,000,663 | ---- | M] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2011/05/01 10:29:05 | 000,001,764 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:08:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:01:20 | 000,007,326 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 09:54:48 | 000,009,652 | -HS- | M] () -- C:\ProgramData\3794764315
[2011/05/01 09:51:01 | 000,002,082 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/05/01 09:26:34 | 000,009,748 | -HS- | M] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
[2011/05/01 00:49:22 | 000,452,792 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[2011/04/30 23:34:31 | 000,009,956 | -HS- | M] () -- C:\ProgramData\385356780
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 01:03:16 | 000,309,228 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/25 01:03:16 | 000,003,127 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Nederlands.lng
[2011/05/25 01:03:16 | 000,003,027 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Français.lng
[2011/05/25 01:03:16 | 000,002,946 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Español.lng
[2011/05/25 01:03:16 | 000,002,920 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Italiano.lng
[2011/05/25 01:03:16 | 000,002,699 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Deutsch.lng
[2011/05/25 01:03:16 | 000,002,553 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Suomi.lng
[2011/05/25 01:02:58 | 000,159,772 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 23:52:04 | 115,877,052 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/24 14:57:32 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:39:23 | 011,850,240 | ---- | C] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:35:44 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 14:32:59 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/24 14:32:59 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/23 09:54:39 | 000,001,838 | ---- | C] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:52:36 | 000,000,512 | ---- | C] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/22 18:20:22 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/22 10:15:22 | 000,050,477 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:52 | 000,133,632 | ---- | C] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/20 15:40:20 | 456,071,076 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/19 15:22:22 | 000,009,754 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
[2011/05/18 01:11:21 | 000,000,913 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 13:41:24 | 002,416,776 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/04 00:05:42 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/04 00:05:27 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/04 00:05:02 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/04 00:04:23 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/01 10:29:04 | 000,001,764 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:01:18 | 000,007,326 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 09:54:48 | 000,009,772 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/05/01 09:54:48 | 000,009,652 | -HS- | C] () -- C:\ProgramData\3794764315
[2011/05/01 09:51:01 | 000,002,082 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/05/01 09:37:21 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/01 00:49:04 | 000,452,792 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[2011/04/30 23:34:31 | 000,009,772 | -HS- | C] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
[2011/04/30 21:26:49 | 000,009,956 | -HS- | C] () -- C:\ProgramData\385356780
[2011/04/30 21:26:25 | 000,009,748 | -HS- | C] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
[2010/08/14 22:53:17 | 000,000,760 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\setup_ldm.iss
[2009/11/10 11:35:28 | 000,000,048 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/17 02:15:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:15:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/03 15:27:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/06/03 15:26:58 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/03/31 16:43:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/03/31 16:43:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/03/31 16:43:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/03/31 16:38:42 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX585DEFGIPS.ini
[2009/02/09 03:36:20 | 000,001,008 | ---- | C] () -- C:\Windows\AZPR3.INI
[2008/12/24 14:29:30 | 000,974,848 | ---- | C] () -- C:\Windows\vorbis.dll
[2008/12/24 14:29:30 | 000,049,152 | ---- | C] () -- C:\Windows\ogg.dll
[2008/12/24 14:29:30 | 000,028,672 | ---- | C] () -- C:\Windows\vorbisfile.dll
[2008/08/10 23:36:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 18:22:56 | 000,000,567 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\AutoGK.ini
[2008/08/04 17:36:25 | 000,043,698 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2008/05/28 21:00:23 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/28 20:59:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/22 23:54:24 | 000,080,104 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_audio.Cache
[2008/04/25 14:56:49 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008/04/25 14:56:49 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2008/04/24 12:09:35 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/04/09 10:34:55 | 000,000,663 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2008/04/09 10:31:47 | 000,087,608 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\inst.exe
[2008/04/09 10:31:47 | 000,007,887 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.cat
[2008/04/09 10:31:47 | 000,001,144 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.inf
[2008/04/08 19:21:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/03 12:25:27 | 000,033,533 | ---- | C] () -- C:\Windows\System32\CoreVorbis-uninstall.exe
[2008/04/03 12:25:21 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2008/04/03 12:25:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MMAVILNG.exe
[2008/04/03 12:23:31 | 000,011,270 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/04/03 12:23:31 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\689F9E7409.sys
[2008/03/18 19:03:59 | 032,722,096 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2008/03/18 18:49:13 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/03/18 18:49:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/18 02:18:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/18 02:18:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/18 02:18:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/18 02:18:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/18 02:18:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/18 02:18:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/18 02:18:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/18 02:18:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/18 02:18:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/18 02:18:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/18 02:18:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/18 02:18:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/14 14:06:34 | 000,007,592 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\d3d9caps.dat
[2008/03/14 03:28:12 | 000,026,340 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\UserTile.png
[2008/03/14 02:57:22 | 000,000,000 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\wklnhst.dat
[2008/03/14 02:34:54 | 000,000,092 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Default.PLS
[2008/03/14 01:01:37 | 000,224,256 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 03:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 03:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/07 14:07:42 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/11/08 16:39:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/08 06:58:42 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2006/12/30 18:48:38 | 000,000,491 | ---- | C] () -- C:\Windows\powermp3cutterjoiner.ini
[2006/12/11 19:24:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,397,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,647,164 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,124,162 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 13:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/09 05:19:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/09 05:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/09 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006/08/09 02:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/11/05 20:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2004/12/12 19:41:12 | 000,000,463 | ---- | C] () -- C:\Windows\Windir.ini
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL

========== LOP Check ==========

[2011/05/22 01:52:25 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/01 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Azureus
[2008/04/15 21:21:48 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Broderbund
[2010/09/06 02:06:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/01 10:52:36 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\EPSON
[2010/12/13 02:25:32 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\FLV Extract
[2011/05/22 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\GrabIt
[2008/03/21 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Jasc
[2008/03/14 23:43:21 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Leadertech
[2009/12/31 14:53:13 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\LimeWire
[2008/03/19 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Netscape
[2009/04/26 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Nokia
[2009/04/26 00:06:10 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PC Suite
[2008/03/18 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PeerNetworking
[2008/03/19 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Photodex
[2009/12/09 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Sports Interactive
[2008/03/14 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Template
[2008/03/14 01:20:01 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Ulead Systems
[2011/05/25 03:42:33 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\uTorrent
[2008/08/04 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\VideoReDoPlus
[2011/05/01 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Vso
[2009/11/15 03:27:02 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Windows Live Writer
[2011/02/02 03:41:29 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\www.nerdoftheherd.com
[2011/05/25 03:48:21 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/25 03:43:35 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 07:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007/10/08 15:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 00:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 00:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
How do!

#12 fireman4it


Posted 25 May 2011 - 09:27 AM

Hello,

We need to run OTL again as I made a mistake with the script.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
    O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\Shell\AutoRun\command - "" = J:\DPFMate.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/05/01 10:00:37 | 000,009,772 | -HS- | M] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/05/01 09:54:48 | 000,009,652 | -HS- | M] () -- C:\ProgramData\3794764315
    [2011/04/30 23:34:31 | 000,009,956 | -HS- | M] () -- C:\ProgramData\385356780
    [2011/05/01 09:26:34 | 000,009,748 | -HS- | M] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
    [2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:16:16 | 000,009,892 | -HS- | M] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/19 15:00:19 | 000,009,892 | -HS- | C] () -- C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm
    [2011/05/01 09:54:48 | 000,009,652 | -HS- | C] () -- C:\ProgramData\3794764315
    [2011/04/30 23:34:31 | 000,009,772 | -HS- | C] () -- C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k
    [2011/04/30 21:26:49 | 000,009,956 | -HS- | C] () -- C:\ProgramData\385356780
    [2011/04/30 21:26:25 | 000,009,748 | -HS- | C] () -- C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


2.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
  • OTL.txt <-- Will be opened; copy and paste it in a reply here:


Things to include in your next reply:
OTL fix log
Otl.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#13 MaccaUK


Posted 25 May 2011 - 05:35 PM

Hi again,

When I just did that latest OTL Fix my PC hung for a long time on restart with a black screen.
I restarted eventually and ran on safe mode and then it allowed me to run as normal once again
and then the OTL Fix log appeared on my desktop.

I've copied and pasted that log as well as the latest OTL txt below as requested :)

In general my PC is running very well thank you, without you I would still be having a lot of
problems.

Thank You

MaccaUK


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe913a4-d510-11de-8a09-001d92296088}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbe913a4-d510-11de-8a09-001d92296088}\ not found.
File K:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bc85a1-79b4-11dd-abaf-001d92296088}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bc85a1-79b4-11dd-abaf-001d92296088}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bc85a1-79b4-11dd-abaf-001d92296088}\ not found.
File J:\DPFMate.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\StephenLouise\AppData\Local\700502fbyq2c0rj772152m74l1fn65xgbxes855k moved successfully.
C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k moved successfully.
C:\ProgramData\3794764315 moved successfully.
C:\ProgramData\385356780 moved successfully.
C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301 moved successfully.
C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm moved successfully.
C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm moved successfully.
File C:\Users\StephenLouise\AppData\Local\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm not found.
File C:\ProgramData\iw4f2nro4o5h56a4154co8c4h1a7nynovk8pwe5apm not found.
File C:\ProgramData\3794764315 not found.
File C:\ProgramData\700502fbyq2c0rj772152m74l1fn65xgbxes855k not found.
File C:\ProgramData\385356780 not found.
File C:\ProgramData\ud7dgu6005g7krd6uol04dj75062426n7ioi5l5301 not found.
ADS C:\Users\StephenLouise\Documents\VirtualDJ:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\StreamTransport:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Sports Interactive:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\SightSpeed Recordings:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Project 2:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Project 1:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\PhotosTemp:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\PcSetup:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\OneNote Notebooks:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\OJOsoft Corporation:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\NeroVision:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\My Weblog Posts:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\My PSP Files:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\My Games:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Microsoft Office Docs:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Michael CV:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\MakeDiscVideo:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\LimeWire:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\ICQ:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\FIFA 08:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Family Tree Maker:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\DVDVideoSoft:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\DVDFab:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\DSBOutput:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Downloaded Radio:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\digital locker Downloads:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\CyberLink:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\ConvertXtoDVD:Roxio EMC Stream deleted successfully.
ADS C:\Users\StephenLouise\Documents\Azureus Downloads:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: StephenLouise
->Temp folder emptied: 36751 bytes
->Temporary Internet Files folder emptied: 139400042 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3942 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6216736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 139.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: IUSR_NMPR

User: Mcx1

User: Public

User: StephenLouise
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05252011_225211

Files\Folders moved on Reboot...
C:\Users\StephenLouise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RBS4ZQ52\page__p__2258398__fromsearch__1[1].htm moved successfully.
File move failed. C:\Windows\S748D39BF.tmp scheduled to be moved on reboot.
C:\Windows\temp\JET60F3.tmp moved successfully.
C:\Windows\temp\MSI48757.LOG moved successfully.

Registry entries deleted on Reboot...




OTL logfile created on: 25/05/2011 23:25:00 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\StephenLouise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.05% Memory free
7.41 Gb Paging File | 5.78 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 5603 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 345.15 Gb Free Space | 77.43% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.93% Space Free | Partition Type: FAT32
Drive J: | 931.28 Gb Total Space | 0.35 Gb Free Space | 0.04% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 51.98 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 406.30 Gb Free Space | 43.62% Space Free | Partition Type: NTFS

Computer Name: STEPHENLOO-PC | User Name: StephenLouise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/14 00:20:51 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/04/10 12:24:18 | 000,506,792 | ---- | M] (www.nerdoftheherd.com) -- C:\Program Files\Radio Downloader\Radio Downloader.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/10 11:28:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/11/14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007/10/19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007/10/15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/08 15:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/27 11:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007/06/27 11:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 11:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/08/14 02:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/08/10 13:10:14 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/10 12:38:54 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/03/19 20:25:59 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 11:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/02/03 14:54:52 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/02/03 14:54:48 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/03/19 17:02:37 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/12/14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/11/08 17:36:25 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/09/21 01:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/06/27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/19 02:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/30 06:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 01:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/04/16 14:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalspy.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/22 01:51:31 | 000,000,000 | ---D | M]

[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions
[2009/04/14 13:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StephenLouise\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/05/25 22:52:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALDI Photo Service] C:\Program Files\ALDI Photo Service\ALDI_Photo_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Radio Downloader] C:\Program Files\Radio Downloader\Radio Downloader.exe (www.nerdoftheherd.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} https://www.coolroom.com/ActiveX/ax.dll (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 03:44:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 01:31:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:03:16 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\StephenLouise\Desktop\JavaRa.exe
[2011/05/24 23:46:55 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3E5E0C92-AC44-4717-9089-3F06E1517555}
[2011/05/24 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/24 14:57:57 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\Malwarebytes
[2011/05/24 14:57:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/24 14:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/24 14:57:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/24 14:56:44 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/24 10:52:07 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{B8081BE6-4A14-4BDF-A91E-970402AC84AD}
[2011/05/23 09:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/05/23 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 09:53:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:50:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:39:58 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/22 23:30:30 | 000,606,738 | ---- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{3CF01CED-6E29-4010-A126-ADCCB6A8E377}
[2011/05/22 10:27:23 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 03:00:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/22 01:52:25 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/22 01:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/22 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/05/22 01:23:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/05/22 01:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/21 15:31:26 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{9170A321-D9A0-4AC4-9087-3FBE20FDDC00}
[2011/05/21 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{BBFD3B51-86DE-41C0-BF5B-6FE32E5CBA85}
[2011/05/18 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{E317EA47-9B1E-45B6-AB42-0CE0CA3F9A73}
[2011/05/16 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{C2CDBC52-70B9-451E-BC0E-8A3996D27EFF}
[2011/05/15 23:05:54 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{7BE27D35-2131-4556-BBB8-B1900EF6632F}
[2011/05/14 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{90754768-6612-4C88-8E43-3679AD0DF23E}
[2011/05/14 13:42:50 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{22299146-9E59-4341-947B-1FA46FA283E0}
[2011/05/14 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{FC3A1553-3168-41D4-95EF-3E29C230EA22}
[2011/05/13 13:50:53 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{4DBC773A-3266-4F23-8A34-8157FA023039}
[2011/05/12 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\{DABFEA44-4A36-4DB6-A9C2-8420188463DA}
[2011/05/11 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/10 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 2
[2011/05/10 00:16:20 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\Documents\Project 1
[2011/05/04 00:06:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/04 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\StephenLouise\AppData\Local\Windows Live
[2011/05/03 23:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Radio Downloader
[2011/05/01 10:08:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/01 09:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/01 00:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/30 21:26:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2008/04/09 10:31:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.sys
[2006/07/11 15:29:00 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 23:23:44 | 000,647,164 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/25 23:23:44 | 000,124,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/25 23:17:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 23:17:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 23:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 23:16:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/25 22:52:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/25 20:23:42 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/25 17:13:35 | 115,992,392 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/25 09:09:40 | 000,226,816 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 01:31:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\StephenLouise\Desktop\OTL.exe
[2011/05/25 01:02:59 | 000,159,772 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 14:57:32 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:56:58 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\StephenLouise\Desktop\mbam-setup.exe
[2011/05/24 14:45:05 | 011,850,240 | ---- | M] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:40:32 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 10:52:10 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Users\StephenLouise\Desktop\ccsetup306.exe
[2011/05/23 09:54:39 | 000,001,838 | ---- | M] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:53:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\StephenLouise\Desktop\HJTInstall.exe
[2011/05/23 09:52:36 | 000,000,512 | ---- | M] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/23 09:50:39 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\StephenLouise\Desktop\aswMBR.exe
[2011/05/23 09:40:01 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\StephenLouise\Desktop\tdsskiller.exe
[2011/05/23 00:20:00 | 456,071,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/22 23:30:32 | 000,606,738 | ---- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.pif
[2011/05/22 10:27:25 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\StephenLouise\Desktop\dds.scr
[2011/05/22 10:15:23 | 000,050,477 | ---- | M] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:53 | 000,133,632 | ---- | M] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 00:24:25 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/19 15:22:30 | 000,009,754 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/18 01:01:52 | 002,416,776 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/17 17:47:35 | 032,722,096 | ---- | M] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2011/05/15 18:12:08 | 000,309,228 | ---- | M] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/04 22:50:18 | 000,397,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/01 15:40:30 | 000,000,663 | ---- | M] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2011/05/01 10:29:05 | 000,001,764 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:08:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/01 10:01:20 | 000,007,326 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 09:51:01 | 000,002,082 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/05/01 00:49:22 | 000,452,792 | ---- | M] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 17:13:35 | 115,992,392 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/25 01:03:16 | 000,309,228 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.def
[2011/05/25 01:03:16 | 000,003,127 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Nederlands.lng
[2011/05/25 01:03:16 | 000,003,027 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Français.lng
[2011/05/25 01:03:16 | 000,002,946 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Español.lng
[2011/05/25 01:03:16 | 000,002,920 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Italiano.lng
[2011/05/25 01:03:16 | 000,002,699 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Deutsch.lng
[2011/05/25 01:03:16 | 000,002,553 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Suomi.lng
[2011/05/25 01:02:58 | 000,159,772 | ---- | C] () -- C:\Users\StephenLouise\Desktop\JavaRa.zip
[2011/05/24 14:57:32 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 14:39:23 | 011,850,240 | ---- | C] () -- C:\Users\StephenLouise\Desktop\AdbeRdrUpd932_all_incr.msp
[2011/05/24 14:35:44 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/05/24 14:35:44 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/24 14:32:59 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/24 14:32:59 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/23 09:54:39 | 000,001,838 | ---- | C] () -- C:\Users\StephenLouise\Desktop\HijackThis.lnk
[2011/05/23 09:52:36 | 000,000,512 | ---- | C] () -- C:\Users\StephenLouise\Desktop\MBR.dat
[2011/05/22 18:20:22 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job
[2011/05/22 10:15:22 | 000,050,477 | ---- | C] () -- C:\Users\StephenLouise\Desktop\Defogger.exe
[2011/05/22 10:11:52 | 000,133,632 | ---- | C] () -- C:\Users\StephenLouise\Desktop\RKUnhookerLE.EXE
[2011/05/22 01:51:33 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/20 15:40:20 | 456,071,076 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/19 15:22:22 | 000,009,754 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110519_152220.reg
[2011/05/18 01:11:21 | 000,000,913 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/11 13:41:24 | 002,416,776 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/04 00:05:42 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/04 00:05:27 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/04 00:05:02 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/04 00:04:23 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/01 10:29:04 | 000,001,764 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_102903.reg
[2011/05/01 10:01:18 | 000,007,326 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_100115.reg
[2011/05/01 09:51:01 | 000,002,082 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/05/01 09:37:21 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/01 00:49:04 | 000,452,792 | ---- | C] () -- C:\Users\StephenLouise\Documents\cc_20110501_004857.reg
[2010/08/14 22:53:17 | 000,000,760 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\setup_ldm.iss
[2009/11/10 11:35:28 | 000,000,048 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/17 02:15:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 02:15:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/03 15:27:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/06/03 15:26:58 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/03/31 16:43:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/03/31 16:43:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/03/31 16:43:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/03/31 16:38:42 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX585DEFGIPS.ini
[2009/02/09 03:36:20 | 000,001,008 | ---- | C] () -- C:\Windows\AZPR3.INI
[2008/12/24 14:29:30 | 000,974,848 | ---- | C] () -- C:\Windows\vorbis.dll
[2008/12/24 14:29:30 | 000,049,152 | ---- | C] () -- C:\Windows\ogg.dll
[2008/12/24 14:29:30 | 000,028,672 | ---- | C] () -- C:\Windows\vorbisfile.dll
[2008/08/10 23:36:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 18:22:56 | 000,000,567 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\AutoGK.ini
[2008/08/04 17:36:25 | 000,043,698 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2008/05/28 21:00:23 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/28 20:59:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/22 23:54:24 | 000,080,104 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_audio.Cache
[2008/04/25 14:56:49 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008/04/25 14:56:49 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2008/04/24 12:09:35 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/04/09 10:34:55 | 000,000,663 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\vso_ts_preview.xml
[2008/04/09 10:31:47 | 000,087,608 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\inst.exe
[2008/04/09 10:31:47 | 000,007,887 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.cat
[2008/04/09 10:31:47 | 000,001,144 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\pcouffin.inf
[2008/04/08 19:21:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/03 12:25:27 | 000,033,533 | ---- | C] () -- C:\Windows\System32\CoreVorbis-uninstall.exe
[2008/04/03 12:25:21 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2008/04/03 12:25:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MMAVILNG.exe
[2008/04/03 12:23:31 | 000,011,270 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/04/03 12:23:31 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\689F9E7409.sys
[2008/03/18 19:03:59 | 032,722,096 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\rx_image.Cache
[2008/03/18 18:49:13 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/03/18 18:49:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/18 02:18:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/18 02:18:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/18 02:18:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/18 02:18:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/18 02:18:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/18 02:18:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/18 02:18:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/18 02:18:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/18 02:18:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/18 02:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/18 02:18:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/18 02:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/18 02:18:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/18 02:18:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/14 14:06:34 | 000,007,592 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\d3d9caps.dat
[2008/03/14 03:28:12 | 000,026,340 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\UserTile.png
[2008/03/14 02:57:22 | 000,000,000 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\wklnhst.dat
[2008/03/14 02:34:54 | 000,000,092 | ---- | C] () -- C:\Users\StephenLouise\AppData\Roaming\Default.PLS
[2008/03/14 01:01:37 | 000,226,816 | ---- | C] () -- C:\Users\StephenLouise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 03:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 03:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/07 14:07:42 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/11/08 16:39:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/08 06:58:42 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2006/12/30 18:48:38 | 000,000,491 | ---- | C] () -- C:\Windows\powermp3cutterjoiner.ini
[2006/12/11 19:24:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,397,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,647,164 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,124,162 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 13:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/09 05:19:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/09 05:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/09 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006/08/09 02:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/11/05 20:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2004/12/12 19:41:12 | 000,000,463 | ---- | C] () -- C:\Windows\Windir.ini
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[1995/10/21 10:37:52 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL

========== LOP Check ==========

[2011/05/22 01:52:25 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\AVG10
[2011/05/01 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Azureus
[2008/04/15 21:21:48 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Broderbund
[2010/09/06 02:06:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/01 10:52:36 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\EPSON
[2010/12/13 02:25:32 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\FLV Extract
[2011/05/22 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\GrabIt
[2008/03/21 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Jasc
[2008/03/14 23:43:21 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Leadertech
[2009/12/31 14:53:13 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\LimeWire
[2008/03/19 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Netscape
[2009/04/26 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Nokia
[2009/04/26 00:06:10 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PC Suite
[2008/03/18 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\PeerNetworking
[2008/03/19 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Photodex
[2009/12/09 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Sports Interactive
[2008/03/14 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Template
[2008/03/14 01:20:01 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Ulead Systems
[2011/05/25 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\uTorrent
[2008/08/04 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\VideoReDoPlus
[2011/05/01 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Vso
[2009/11/15 03:27:02 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\Windows Live Writer
[2011/02/02 03:41:29 | 000,000,000 | ---D | M] -- C:\Users\StephenLouise\AppData\Roaming\www.nerdoftheherd.com
[2011/05/25 22:53:52 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/25 20:23:42 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{45E8EFFC-A075-4B54-9F98-CB7F7EA8A6F9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007/04/17 11:11:10 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008/02/07 18:19:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 07:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007/10/08 15:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007/10/08 15:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/02/07 18:19:16 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 00:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 00:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< %systemroot%\*. /mp /s >

< End of report >
How do!

#14 fireman4it

Posted 25 May 2011 - 06:10 PM

Hello, MaccaUK.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#15 MaccaUK

Posted 26 May 2011 - 08:57 AM

Hi there,

Many thanks for all your help :)

The only things I've had no luck with are the uninstalling of older update files of Java plus Version 8.1.2 of Adobe Reader.

Also I've noticed that since doing those OTL fix parts near the end of your help, my PC now keeps hanging on a black screen for a long time when I reboot or switch it on in the morning. I can get round this by restarting again in safe mode and then restarting, but it's not ideal. I've never had this happen before, so that's why it seems so unusual for my machine to be doing it. Any help you can suggest or light you can shed on that would be great.

Kind Regards

MaccaUK

Edited by fireman4it, 26 May 2011 - 10:35 AM.

How do!



