
Possible Infection, Computer freezing


  • This topic is locked
17 replies to this topic

#1 muffybg

muffybg

  • Members
  • 9 posts

Posted 25 May 2011 - 09:37 AM

Firstly, apologies if this is not a spyware/virus problem. The laptop starts up fine but after 5-10 minutes just freezes, although it sometimes runs for an hour. The first reason I suspected virus activity was the fact the Avast icon was not showing on the taskbar. After running MBAM etc. and reinstalling Avast the icon is back but the freeze still occurs. Went into msconfig and stopped everything starting up except Avast and still the problem occurs.
So here are the logs and if anyone can help it would be much appreciated.

Stuff that has been run

Avast (No virus) 1 file could not be scanned C:\users\david\appdata\local\temp\nsy95ea.tmp\system.dll (Error:The system cannot find the specified file)
MBAM (Couple of minor spyware mainly tracking cookies)
Superantispyware (2 tracking cookies)
Combofix (C\programdata\fullremove.exe & c:users\david\appdata\roaming.#)
CHKDSK & CHKDSK /r (no problems)
Verifier (Cause system crash on boot, have to boot into safe mode and use verifier /reset to rectify)
System restore Disabled
Rkill
SFC /Scannow (no errors)

GMER had to be run in safe mode as wouldn't stay on long enough in normal mode.

DDS TEXT


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by David at 13:49:12 on 2011-05-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1905 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\David\Desktop\dds.scr
C:\windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-24 307928]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-4-29 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-24 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 42184]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-30 132480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-1 38224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-30 232960]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-1 1343400]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S4 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
.
=============== Created Last 30 ================
.
2011-05-25 12:47:49 4660 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-24 23:22:15 -------- d-----w- c:\program files\Marvell
2011-05-24 23:21:46 64672 ------w- c:\windows\system32\athihvui.dll
2011-05-24 23:21:46 400544 ------w- c:\windows\system32\athihvs.dll
2011-05-24 23:21:46 1249792 ----a-w- c:\windows\system32\drivers\athr.sys
2011-05-24 23:21:46 1249792 ----a-w- c:\windows\system32\athr.sys
2011-05-24 23:21:46 -------- d-----w- c:\windows\system32\nn-NO
2011-05-24 23:21:46 -------- d-----w- c:\windows\Options
2011-05-24 23:21:45 -------- d-----w- c:\program files\Cisco
2011-05-24 23:21:45 -------- d-----w- c:\program files\Atheros
2011-05-24 23:21:33 -------- d-----w- c:\programdata\Atheros
2011-05-24 23:09:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-24 22:52:19 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-24 22:52:16 204288 ----a-w- c:\windows\system32\upnp.dll
2011-05-24 22:52:15 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-05-24 22:52:15 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-05-24 22:52:15 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-05-24 22:52:14 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-05-24 22:52:14 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-05-24 22:52:14 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-05-24 22:52:14 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-05-24 22:52:14 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-05-24 22:52:14 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 22:52:14 14336 ----a-w- c:\windows\system32\slwga.dll
2011-05-24 22:47:19 2614784 ----a-w- c:\windows\explorer.exe
2011-05-24 22:47:13 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-24 22:47:08 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-24 22:47:08 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-24 22:46:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-24 22:13:22 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-24 21:54:36 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 21:14:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-24 21:14:41 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-24 21:14:32 40112 ----a-w- c:\windows\avastSS.scr
2011-05-24 21:14:26 -------- d-----w- c:\programdata\AVAST Software
2011-05-24 21:14:26 -------- d-----w- c:\program files\AVAST Software
2011-05-24 20:35:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-24 20:35:15 -------- d-----w- c:\users\david\appdata\local\temp
2011-05-24 20:29:26 98816 ----a-w- c:\windows\sed.exe
2011-05-24 20:29:26 89088 ----a-w- c:\windows\MBR.exe
2011-05-24 20:29:26 256512 ----a-w- c:\windows\PEV.exe
2011-05-24 20:29:26 161792 ----a-w- c:\windows\SWREG.exe
2011-05-24 15:58:33 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ffacd580-0f76-41bb-8f8f-d0875bcdee42}\mpengine.dll
2011-05-24 07:01:13 -------- d-----w- c:\windows\pss
2011-05-24 05:06:57 -------- d-----w- c:\windows\system32\wbem\it-IT
2011-05-24 05:06:55 -------- d-----w- c:\windows\system32\wbem\fr-FR
2011-05-24 05:06:54 -------- d-----w- c:\windows\system32\wbem\de-DE
2011-05-24 05:06:02 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-05-24 05:06:02 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2011-05-24 05:06:02 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-05-24 05:06:02 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2011-05-24 05:06:02 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-05-24 05:06:02 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2011-05-24 05:06:00 39728 ----a-w- c:\windows\system32\SCP32.DLL
2011-05-24 05:06:00 125744 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-23 20:12:46 -------- d-----w- c:\windows\system32\wbem\repository
2011-05-11 20:00:10 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 20:00:10 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-06 15:33:16 212480 ----a-w- c:\windows\pcdlib32.dll
2011-05-06 15:33:04 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-05-06 15:33:04 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-05-06 15:33:04 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-05-06 15:33:04 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-05-06 15:29:28 -------- d-----w- c:\programdata\MGI
2011-05-06 15:28:29 1409024 ----a-w- c:\windows\system32\MGIIpl4W7.dll
2011-05-06 15:28:29 1191936 ----a-w- c:\windows\system32\MGIIpl4P6.dll
2011-05-06 15:26:34 306688 ----a-w- c:\windows\IsUninst.exe
.
==================== Find3M ====================
.
2011-05-24 23:22:56 838176 ----a-w- c:\windows\RtlExUpd.dll
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:52:11.32 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 June 2011 - 05:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 muffybg

muffybg
  • Topic Starter

  • Members
  • 9 posts

Posted 06 June 2011 - 06:28 AM

Hi M0le, Laptop is currently awaiting your instructions :)

Thanks.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 June 2011 - 05:02 PM

There doesn't seem to be much going on there. Please run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#5 muffybg

muffybg
  • Topic Starter

  • Members
  • 9 posts

Posted 07 June 2011 - 09:15 AM

Right, again problems running anything in normal mode, but here is the content of the OTL file created before it froze up.

OTL logfile created on: 6/7/2011 3:04:07 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\David\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.86 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 76.12% Memory free
5.01 Gb Paging File | 4.24 Gb Available in Paging File | 84.65% Paging File free
Paging file location(s): c:\pagefile.sys 2200 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.05 Gb Total Space | 167.48 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
Drive D: | 50.94 Gb Total Space | 50.79 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 7.39 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
 
Computer Name: DAVID-LAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (WinRing0_1_2_0) -- C:\Users\David\Desktop\New folder\WinRing0.sys (OpenLibSys.org)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/05 19:45:08 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011/05/24 21:33:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/06/07 14:59:28 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\New folder
[2011/06/07 14:50:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/05/27 09:26:46 | 002,824,704 | ---- | C] (Askey Computer Corporation.) -- C:\windows\System32\AInst3141.exe
[2011/05/26 18:23:27 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\System32\drivers\athr.sys
[2011/05/26 18:23:27 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\System32\athr.sys
[2011/05/26 18:23:27 | 000,000,000 | ---D | C] -- C:\windows\Options
[2011/05/26 18:23:26 | 000,400,544 | ---- | C] (Atheros) -- C:\windows\System32\athihvs.dll
[2011/05/26 18:23:26 | 000,064,672 | ---- | C] (Atheros) -- C:\windows\System32\athihvui.dll
[2011/05/26 18:23:26 | 000,000,000 | ---D | C] -- C:\windows\System32\nn-NO
[2011/05/26 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/05/26 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/05/26 18:17:20 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2011/05/25 13:48:46 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2011/05/25 00:35:26 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/05/25 00:23:37 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2011/05/25 00:23:37 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2011/05/25 00:23:37 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2011/05/25 00:23:37 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2011/05/25 00:23:36 | 002,795,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll
[2011/05/25 00:23:36 | 001,528,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll
[2011/05/25 00:23:36 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSndMgr.cpl
[2011/05/25 00:23:36 | 000,348,160 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll
[2011/05/25 00:23:36 | 000,346,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll
[2011/05/25 00:23:36 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2011/05/25 00:23:36 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2011/05/25 00:23:36 | 000,165,376 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll
[2011/05/25 00:23:36 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll
[2011/05/25 00:23:36 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll
[2011/05/25 00:23:36 | 000,055,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll
[2011/05/25 00:23:35 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2011/05/25 00:23:34 | 000,290,816 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2011/05/25 00:23:33 | 000,838,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll
[2011/05/25 00:22:54 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Sound_6.0.1.5986
[2011/05/25 00:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/05/25 00:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/05/25 00:20:59 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376
[2011/05/25 00:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/24 23:52:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/05/24 23:52:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/05/24 23:52:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/05/24 23:52:14 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/05/24 23:52:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/05/24 23:47:19 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/05/24 23:47:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/05/24 23:47:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/05/24 23:47:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/05/24 23:46:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/05/24 23:13:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/05/24 22:54:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/24 22:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/24 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/24 21:35:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/24 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2011/05/24 21:29:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/05/24 21:29:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/05/24 21:29:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/05/24 21:29:23 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/05/24 21:28:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/24 21:28:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/05/24 21:28:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/24 21:28:40 | 010,772,144 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\David\Desktop\SUPERAntiSpyware.exe
[2011/05/24 19:30:56 | 007,082,224 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-rules (1).exe
[2011/05/24 19:30:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-setup (1).exe
[2011/05/24 08:01:13 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/05/24 06:06:02 | 000,214,024 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfehidk.sys
[2011/05/24 06:06:02 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\Mpfp.sys
[2011/05/24 06:06:02 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2011/05/24 06:06:02 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfesmfk.sys
[2011/05/24 06:06:02 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2011/05/24 06:06:02 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdk.sys
[2011/05/24 06:06:00 | 000,125,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSSTDFMT.DLL
[2011/05/24 06:06:00 | 000,039,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SCP32.DLL
[2011/05/11 21:00:10 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 21:00:10 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/02/24 00:22:53 | 000,151,552 | ---- | C] ( ) -- C:\windows\System32\rsnp2std.dll
[2011/02/24 00:22:53 | 000,077,824 | ---- | C] ( ) -- C:\windows\System32\csnp2std.dll
[2010/04/30 02:20:18 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/06/07 15:03:46 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 15:03:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/07 15:03:28 | 3075,002,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 15:02:03 | 000,627,058 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/07 15:02:03 | 000,112,956 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/07 14:46:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/05/26 18:20:30 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 18:20:30 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 18:15:05 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/25 13:47:34 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2011/05/25 13:39:38 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2011/05/25 00:41:10 | 000,059,456 | ---- | M] () -- C:\Users\David\Desktop\bluescreenview.zip
[2011/05/25 00:23:11 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2011/05/25 00:23:11 | 000,185,776 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2011/05/25 00:23:11 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2011/05/25 00:23:10 | 000,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSndMgr.cpl
[2011/05/25 00:23:10 | 000,167,936 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2011/05/25 00:23:09 | 002,795,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll
[2011/05/25 00:23:09 | 001,528,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll
[2011/05/25 00:23:09 | 000,346,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll
[2011/05/25 00:23:09 | 000,055,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll
[2011/05/25 00:23:07 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2011/05/25 00:23:07 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2011/05/25 00:23:06 | 000,290,816 | ---- | M] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2011/05/25 00:23:06 | 000,126,976 | ---- | M] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2011/05/25 00:22:56 | 000,838,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll
[2011/05/25 00:21:01 | 039,696,080 | ---- | M] () -- C:\Users\David\Desktop\Sound_6.0.1.5986.zip
[2011/05/25 00:20:34 | 001,369,566 | ---- | M] () -- C:\Users\David\Desktop\LAN_Win7_11.22.3.3.zip
[2011/05/25 00:20:23 | 034,888,737 | ---- | M] () -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376.zip
[2011/05/24 22:14:41 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/05/24 21:33:47 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/05/24 19:38:20 | 000,001,091 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/24 19:38:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 17:21:59 | 000,012,288 | ---- | M] () -- C:\windows\System32\umstartup.etl
[2011/05/23 20:41:38 | 000,000,120 | ---- | M] () -- C:\ProgramData\~32956152
[2011/05/23 20:41:22 | 000,000,336 | ---- | M] () -- C:\ProgramData\32956152
[2011/05/23 00:29:42 | 004,352,705 | R--- | M] () -- C:\Users\David\Desktop\ComboFix.exe
[2011/05/20 16:16:16 | 042,217,776 | ---- | M] () -- C:\Users\David\Desktop\vpsupd (1).exe
[2011/05/20 10:34:28 | 000,163,328 | ---- | M] () -- C:\Users\Public\Documents\butlins chart.pub
[2011/05/15 21:09:54 | 001,006,778 | ---- | M] () -- C:\Users\David\Desktop\rkill (1).com
[2011/05/15 20:51:34 | 007,082,224 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-rules (1).exe
[2011/05/15 20:48:36 | 056,923,744 | ---- | M] () -- C:\Users\David\Desktop\setup_av_free (2).exe
[2011/05/13 12:58:57 | 000,048,688 | ---- | M] () -- C:\Users\Public\Documents\729546.pdf
[2011/05/13 11:56:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/05/26 18:23:27 | 000,355,159 | ---- | C] () -- C:\windows\System32\netathr.inf
[2011/05/26 18:23:27 | 000,058,484 | ---- | C] () -- C:\windows\System32\athrext.cat
[2011/05/25 13:54:42 | 000,302,080 | ---- | C] () -- C:\Users\David\Desktop\gmer.exe
[2011/05/25 13:39:38 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/05/25 00:41:09 | 000,059,456 | ---- | C] () -- C:\Users\David\Desktop\bluescreenview.zip
[2011/05/25 00:21:01 | 039,696,080 | ---- | C] () -- C:\Users\David\Desktop\Sound_6.0.1.5986.zip
[2011/05/25 00:20:28 | 001,369,566 | ---- | C] () -- C:\Users\David\Desktop\LAN_Win7_11.22.3.3.zip
[2011/05/25 00:20:23 | 034,888,737 | ---- | C] () -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376.zip
[2011/05/24 21:29:26 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/05/24 21:29:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/05/24 21:29:26 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/05/24 21:29:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/05/24 21:29:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/05/24 21:28:35 | 004,352,705 | R--- | C] () -- C:\Users\David\Desktop\ComboFix.exe
[2011/05/24 20:28:39 | 056,923,744 | ---- | C] () -- C:\Users\David\Desktop\setup_av_free (2).exe
[2011/05/24 19:38:20 | 000,001,091 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/24 19:31:00 | 001,006,778 | ---- | C] () -- C:\Users\David\Desktop\rkill (1).com
[2011/05/24 19:30:46 | 042,217,776 | ---- | C] () -- C:\Users\David\Desktop\vpsupd (1).exe
[2011/05/23 20:41:27 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32956152
[2011/05/23 20:41:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\32956152
[2011/05/19 15:29:04 | 000,163,328 | ---- | C] () -- C:\Users\Public\Documents\butlins chart.pub
[2011/05/13 12:58:57 | 000,048,688 | ---- | C] () -- C:\Users\Public\Documents\729546.pdf
[2011/05/06 16:33:16 | 000,000,021 | ---- | C] () -- C:\windows\PI_setup.ini
[2011/05/06 16:27:47 | 000,000,002 | ---- | C] () -- C:\windows\PhotoSuite.ini
[2011/05/06 16:27:39 | 000,458,752 | ---- | C] () -- C:\windows\System32\Fpl.dll
[2011/05/06 16:27:38 | 000,332,800 | ---- | C] () -- C:\windows\System32\FPXLIB.DLL
[2011/05/06 16:27:38 | 000,122,880 | ---- | C] () -- C:\windows\System32\JPEGLIB.DLL
[2011/05/06 16:27:38 | 000,019,968 | ---- | C] () -- C:\windows\System32\CPUINF32.DLL
[2011/02/24 00:22:54 | 000,340,480 | ---- | C] () -- C:\windows\tsnp2std.exe
[2011/02/24 00:22:54 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2011/02/24 00:22:53 | 012,265,728 | ---- | C] () -- C:\windows\System32\drivers\snp2sxp.sys
[2011/02/24 00:22:53 | 000,025,472 | ---- | C] () -- C:\windows\System32\drivers\sncamd.sys
[2010/10/08 13:32:44 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2010/10/05 19:37:39 | 000,206,183 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/04/30 02:20:18 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/04/30 02:20:18 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/04/30 02:20:18 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/04/30 02:20:18 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/04/30 02:20:17 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/04/30 02:20:17 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/04/29 10:39:18 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/04/29 10:20:53 | 000,000,600 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/29 22:21:20 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 003,784,448 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,627,058 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,956 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/09/22 14:21:34 | 000,127,092 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/08/20 16:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/05/23 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
[2011/05/23 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\BitTorrent
[2011/05/23 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GetRightToGo
[2011/05/23 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sports Interactive
[2011/03/06 20:16:15 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/09 20:21:09 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData\Roaming\Vodafone
[2011/04/16 13:31:26 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Here is the OTL.txt file from Safe Mode:

OTL logfile created on: 6/7/2011 3:10:19 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\David\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.86 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 80.41% Memory free
5.01 Gb Paging File | 4.47 Gb Available in Paging File | 89.23% Paging File free
Paging file location(s): c:\pagefile.sys 2200 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.05 Gb Total Space | 167.49 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
Drive D: | 50.94 Gb Total Space | 50.79 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 7.39 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
 
Computer Name: DAVID-LAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (WinRing0_1_2_0) -- C:\Users\David\Desktop\New folder\WinRing0.sys (OpenLibSys.org)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/05 19:45:08 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011/05/24 21:33:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/07 14:59:28 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\New folder
[2011/06/07 14:50:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/05/27 09:26:46 | 002,824,704 | ---- | C] (Askey Computer Corporation.) -- C:\windows\System32\AInst3141.exe
[2011/05/26 18:23:27 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\System32\drivers\athr.sys
[2011/05/26 18:23:27 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\System32\athr.sys
[2011/05/26 18:23:27 | 000,000,000 | ---D | C] -- C:\windows\Options
[2011/05/26 18:23:26 | 000,400,544 | ---- | C] (Atheros) -- C:\windows\System32\athihvs.dll
[2011/05/26 18:23:26 | 000,064,672 | ---- | C] (Atheros) -- C:\windows\System32\athihvui.dll
[2011/05/26 18:23:26 | 000,000,000 | ---D | C] -- C:\windows\System32\nn-NO
[2011/05/26 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/05/26 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/05/26 18:17:20 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2011/05/25 13:48:46 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2011/05/25 00:35:26 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/05/25 00:23:37 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2011/05/25 00:23:37 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2011/05/25 00:23:37 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2011/05/25 00:23:37 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2011/05/25 00:23:36 | 002,795,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll
[2011/05/25 00:23:36 | 001,528,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll
[2011/05/25 00:23:36 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSndMgr.cpl
[2011/05/25 00:23:36 | 000,348,160 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll
[2011/05/25 00:23:36 | 000,346,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll
[2011/05/25 00:23:36 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2011/05/25 00:23:36 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2011/05/25 00:23:36 | 000,165,376 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll
[2011/05/25 00:23:36 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll
[2011/05/25 00:23:36 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll
[2011/05/25 00:23:36 | 000,055,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll
[2011/05/25 00:23:35 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2011/05/25 00:23:34 | 000,290,816 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2011/05/25 00:23:33 | 000,838,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll
[2011/05/25 00:22:54 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Sound_6.0.1.5986
[2011/05/25 00:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/05/25 00:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/05/25 00:20:59 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376
[2011/05/25 00:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/24 23:52:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/05/24 23:52:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/05/24 23:52:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/05/24 23:52:14 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/05/24 23:52:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/05/24 23:47:19 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/05/24 23:47:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/05/24 23:47:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/05/24 23:47:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/05/24 23:46:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/05/24 23:13:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/05/24 22:54:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/24 22:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/24 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/24 21:35:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/24 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2011/05/24 21:29:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/05/24 21:29:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/05/24 21:29:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/05/24 21:29:23 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/05/24 21:28:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/24 21:28:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/05/24 21:28:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/24 21:28:40 | 010,772,144 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\David\Desktop\SUPERAntiSpyware.exe
[2011/05/24 19:30:56 | 007,082,224 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-rules (1).exe
[2011/05/24 19:30:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-setup (1).exe
[2011/05/24 08:01:13 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/05/24 06:06:02 | 000,214,024 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfehidk.sys
[2011/05/24 06:06:02 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\Mpfp.sys
[2011/05/24 06:06:02 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2011/05/24 06:06:02 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfesmfk.sys
[2011/05/24 06:06:02 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2011/05/24 06:06:02 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdk.sys
[2011/05/24 06:06:00 | 000,125,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSSTDFMT.DLL
[2011/05/24 06:06:00 | 000,039,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SCP32.DLL
[2011/05/11 21:00:10 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 21:00:10 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/02/24 00:22:53 | 000,151,552 | ---- | C] ( ) -- C:\windows\System32\rsnp2std.dll
[2011/02/24 00:22:53 | 000,077,824 | ---- | C] ( ) -- C:\windows\System32\csnp2std.dll
[2010/04/30 02:20:18 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/07 15:09:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/07 15:09:19 | 3075,002,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 15:03:46 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 15:02:03 | 000,627,058 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/07 15:02:03 | 000,112,956 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/07 14:46:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/05/26 18:20:30 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 18:20:30 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 18:15:05 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/25 13:47:34 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.scr
[2011/05/25 13:39:38 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2011/05/25 00:41:10 | 000,059,456 | ---- | M] () -- C:\Users\David\Desktop\bluescreenview.zip
[2011/05/25 00:23:11 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2011/05/25 00:23:11 | 000,185,776 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2011/05/25 00:23:11 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2011/05/25 00:23:10 | 000,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RTSndMgr.cpl
[2011/05/25 00:23:10 | 000,167,936 | ---- | M] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2011/05/25 00:23:09 | 002,795,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkAPO.dll
[2011/05/25 00:23:09 | 001,528,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkPgExt.dll
[2011/05/25 00:23:09 | 000,346,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkApoApi.dll
[2011/05/25 00:23:09 | 000,055,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\RtkCoInst.dll
[2011/05/25 00:23:07 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2011/05/25 00:23:07 | 000,290,304 | ---- | M] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2011/05/25 00:23:06 | 000,290,816 | ---- | M] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2011/05/25 00:23:06 | 000,126,976 | ---- | M] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2011/05/25 00:22:56 | 000,838,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll
[2011/05/25 00:21:01 | 039,696,080 | ---- | M] () -- C:\Users\David\Desktop\Sound_6.0.1.5986.zip
[2011/05/25 00:20:34 | 001,369,566 | ---- | M] () -- C:\Users\David\Desktop\LAN_Win7_11.22.3.3.zip
[2011/05/25 00:20:23 | 034,888,737 | ---- | M] () -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376.zip
[2011/05/24 22:14:41 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/05/24 21:33:47 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/05/24 19:38:20 | 000,001,091 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/24 19:38:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 17:21:59 | 000,012,288 | ---- | M] () -- C:\windows\System32\umstartup.etl
[2011/05/23 20:41:38 | 000,000,120 | ---- | M] () -- C:\ProgramData\~32956152
[2011/05/23 20:41:22 | 000,000,336 | ---- | M] () -- C:\ProgramData\32956152
[2011/05/23 00:29:42 | 004,352,705 | R--- | M] () -- C:\Users\David\Desktop\ComboFix.exe
[2011/05/20 16:16:16 | 042,217,776 | ---- | M] () -- C:\Users\David\Desktop\vpsupd (1).exe
[2011/05/20 10:34:28 | 000,163,328 | ---- | M] () -- C:\Users\Public\Documents\butlins chart.pub
[2011/05/15 21:09:54 | 001,006,778 | ---- | M] () -- C:\Users\David\Desktop\rkill (1).com
[2011/05/15 20:51:34 | 007,082,224 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\David\Desktop\mbam-rules (1).exe
[2011/05/15 20:48:36 | 056,923,744 | ---- | M] () -- C:\Users\David\Desktop\setup_av_free (2).exe
[2011/05/13 12:58:57 | 000,048,688 | ---- | M] () -- C:\Users\Public\Documents\729546.pdf
[2011/05/13 11:56:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/05/26 18:23:27 | 000,355,159 | ---- | C] () -- C:\windows\System32\netathr.inf
[2011/05/26 18:23:27 | 000,058,484 | ---- | C] () -- C:\windows\System32\athrext.cat
[2011/05/25 13:54:42 | 000,302,080 | ---- | C] () -- C:\Users\David\Desktop\gmer.exe
[2011/05/25 13:39:38 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/05/25 00:41:09 | 000,059,456 | ---- | C] () -- C:\Users\David\Desktop\bluescreenview.zip
[2011/05/25 00:21:01 | 039,696,080 | ---- | C] () -- C:\Users\David\Desktop\Sound_6.0.1.5986.zip
[2011/05/25 00:20:28 | 001,369,566 | ---- | C] () -- C:\Users\David\Desktop\LAN_Win7_11.22.3.3.zip
[2011/05/25 00:20:23 | 034,888,737 | ---- | C] () -- C:\Users\David\Desktop\WLAN_Atheros_32bit_Win7_8.0.0.376.zip
[2011/05/24 21:29:26 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/05/24 21:29:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/05/24 21:29:26 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/05/24 21:29:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/05/24 21:29:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/05/24 21:28:35 | 004,352,705 | R--- | C] () -- C:\Users\David\Desktop\ComboFix.exe
[2011/05/24 20:28:39 | 056,923,744 | ---- | C] () -- C:\Users\David\Desktop\setup_av_free (2).exe
[2011/05/24 19:38:20 | 000,001,091 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/24 19:31:00 | 001,006,778 | ---- | C] () -- C:\Users\David\Desktop\rkill (1).com
[2011/05/24 19:30:46 | 042,217,776 | ---- | C] () -- C:\Users\David\Desktop\vpsupd (1).exe
[2011/05/23 20:41:27 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32956152
[2011/05/23 20:41:22 | 000,000,336 | ---- | C] () -- C:\ProgramData\32956152
[2011/05/19 15:29:04 | 000,163,328 | ---- | C] () -- C:\Users\Public\Documents\butlins chart.pub
[2011/05/13 12:58:57 | 000,048,688 | ---- | C] () -- C:\Users\Public\Documents\729546.pdf
[2011/05/06 16:33:16 | 000,000,021 | ---- | C] () -- C:\windows\PI_setup.ini
[2011/05/06 16:27:47 | 000,000,002 | ---- | C] () -- C:\windows\PhotoSuite.ini
[2011/05/06 16:27:39 | 000,458,752 | ---- | C] () -- C:\windows\System32\Fpl.dll
[2011/05/06 16:27:38 | 000,332,800 | ---- | C] () -- C:\windows\System32\FPXLIB.DLL
[2011/05/06 16:27:38 | 000,122,880 | ---- | C] () -- C:\windows\System32\JPEGLIB.DLL
[2011/05/06 16:27:38 | 000,019,968 | ---- | C] () -- C:\windows\System32\CPUINF32.DLL
[2011/02/24 00:22:54 | 000,340,480 | ---- | C] () -- C:\windows\tsnp2std.exe
[2011/02/24 00:22:54 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2011/02/24 00:22:53 | 012,265,728 | ---- | C] () -- C:\windows\System32\drivers\snp2sxp.sys
[2011/02/24 00:22:53 | 000,025,472 | ---- | C] () -- C:\windows\System32\drivers\sncamd.sys
[2010/10/08 13:32:44 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2010/10/05 19:37:39 | 000,206,183 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/04/30 02:20:18 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/04/30 02:20:18 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/04/30 02:20:18 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/04/30 02:20:18 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/04/30 02:20:17 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/04/30 02:20:17 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/04/29 10:39:18 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/04/29 10:20:53 | 000,000,600 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/29 22:21:20 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 003,784,448 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,627,058 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,956 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/09/22 14:21:34 | 000,127,092 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/08/20 16:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/05/23 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
[2011/05/23 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\BitTorrent
[2011/05/23 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GetRightToGo
[2011/05/23 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sports Interactive
[2011/03/06 20:16:15 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/09 20:21:09 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData\Roaming\Vodafone
[2011/04/16 13:31:26 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

And extras from safe mode:
OTL Extras logfile created on: 6/7/2011 3:10:19 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\David\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.86 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 80.41% Memory free
5.01 Gb Paging File | 4.47 Gb Available in Paging File | 89.23% Paging File free
Paging file location(s): c:\pagefile.sys 2200 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.05 Gb Total Space | 167.49 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
Drive D: | 50.94 Gb Total Space | 50.79 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 7.39 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
 
Computer Name: DAVID-LAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Digital Viewer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 4/4/2011 3:06:51 PM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 4/5/2011 9:44:29 AM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 4/5/2011 7:45:07 PM | Computer Name = David-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 4/5/2011 7:45:24 PM | Computer Name = David-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
 Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 4/5/2011 7:45:25 PM | Computer Name = David-Laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 4/5/2011 7:47:22 PM | Computer Name = David-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
 display manager\RunGfxUI64.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 4/6/2011 7:16:10 AM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 4/6/2011 7:16:16 AM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 4/6/2011 7:16:20 AM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 4/6/2011 12:15:25 PM | Computer Name = David-Laptop | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 6/7/2011 10:09:46 AM | Computer Name = David-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 6/7/2011 10:09:46 AM | Computer Name = David-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 6/7/2011 10:09:46 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:46 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 6/7/2011 10:09:47 AM | Computer Name = David-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
 
< End of report >


#6 muffybg


Posted 07 June 2011 - 09:16 AM

In the meantime I am going to install Windows fresh on a new HDD to see if the problem still occurs; if it does, then it is definitely a hardware problem.

#7 m0le



  • Malware Response Team

Posted 07 June 2011 - 02:35 PM

I will wait for the outcome :)

#8 muffybg


Posted 07 June 2011 - 03:02 PM

Works 100% with Windoze 7 reinstalled on a different HDD, so not a hardware problem, as the original HDD has been checked thoroughly. Like I said in the opening post, M0le, I am not sure it is an infection, and if you cannot pick anything up from the various scans I am happy to call it a day on that install and start from scratch if needed.

#9 m0le



  • Malware Response Team

Posted 07 June 2011 - 08:47 PM

I don't see anything there. Can you run SAS and ESET?

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


And

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.

#10 muffybg


Posted 08 June 2011 - 01:02 PM

SAS Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2011 at 06:46 PM

Application Version : 4.53.1000

Core Rules Database Version : 7231
Trace Rules Database Version: 5043

Scan type       : Complete Scan
Total Scan Time : 00:46:23

Memory items scanned      : 421
Memory threats detected   : 0
Registry items scanned    : 9451
Registry threats detected : 0
File items scanned        : 101571
File threats detected     : 23

Adware.Tracking Cookie


ESET Log

C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4d9c5e4e-5b1710bb	multiple threats	deleted - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3472dc95-4dd3f587	Java/TrojanDownloader.Agent.NCM trojan	deleted - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-109863d8	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-20d316f2	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-3532cfd8	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-36e67a91	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-3925c75d	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7b9ccb45-57d43966	a variant of Java/TrojanDownloader.OpenStream.NCE trojan	cleaned by deleting - quarantined


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:22 PM

Posted 08 June 2011 - 07:28 PM

Only Java cache which copied the malware while it was on the system. Clean apart from that.

I think we're nearly at the conclusion that this is not malware but I would just like to check for rootkits before I send you thataway

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then aswMBR


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#12 muffybg


Posted 09 June 2011 - 04:07 PM

TDSS: Nothing found, 269 objects scanned.

aswMBR freezes the computer after pressing scan.

It initializes, then as soon as it gets to service scanning the laptop just freezes.

In safe mode it works OK and we get the following log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-09 21:49:03
-----------------------------
21:49:03.827    OS Version: Windows 6.1.7600 
21:49:03.827    Number of processors: 4 586 0x2502
21:49:03.827    ComputerName: DAVID-LAPTOP  UserName: David
21:49:19.786    Initialize success
21:49:24.060    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:49:24.060    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
21:49:24.076    Disk 0 MBR read successfully
21:49:24.123    Disk 0 MBR scan
21:49:24.123    Disk 0 unknown MBR code
21:49:24.138    Disk 0 scanning sectors +625139712
21:49:24.170    Disk 0 scanning C:\windows\system32\drivers
21:49:29.193    Service scanning
21:49:30.207    Disk 0 trace - called modules:
21:49:30.222    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
21:49:30.254    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c58030]
21:49:30.269    3 CLASSPNP.SYS[8a60459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b59028]
21:49:30.269    Scan finished successfully
21:49:42.578    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
21:49:42.624    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"




#13 m0le


Posted 09 June 2011 - 05:27 PM

Unknown MBR may just be an MBR that isn't known to the program. Please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#14 muffybg


Posted 09 June 2011 - 05:36 PM

Think unknown MBR comes up because of the preloaded Windows on the laptop.



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies Ltd.
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R530/R730/R540
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 140):

Processes (total 46):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`c9a00000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10002

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


#15 m0le


Posted 13 June 2011 - 06:56 PM

Apologies for the late reply.

I think that you are clean. Please post a query on the Windows 7 forum.



