Need to be sure that my laptop is clean! [Solved]

Hi Gregg123,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5, and I will be helping you with this problem.

There are a some things that I need to make clear to you, before we continue, that will help us both:

• Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
• Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
• Make sure that all of the logs/reports, that I ask for, get posted completely.
• Check out the information Here, if you are unsure how to send replies etc

OK, on with the fix:

First I need you to download the following tools & save them to your Desktop.
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

Cheers,

sage5

Hi,
Thanks for your help!

ComboFix

ComboFix 09-05-19.08 - Gregg 20/05/2009 4:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.184 [GMT 1:00]
Running from: c:\documents and settings\Gregg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\419\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-13 12:41 . 2009-05-13 12:58 -------- d-----w C:\Rooter$
2009-05-13 08:47 . 2009-05-13 08:47 -------- d-----w c:\documents and settings\Gregg\Application Data\Malwarebytes
2009-05-13 08:46 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 08:46 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 08:46 . 2009-05-13 08:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 08:46 . 2009-05-13 09:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-13 08:35 . 2009-05-13 08:35 -------- d-----w c:\program files\ERUNT
2009-05-10 17:39 . 2009-05-10 17:45 -------- d-----w c:\program files\WhatsRunning
2009-05-10 17:27 . 2009-05-10 17:27 -------- d-----w c:\program files\Lavalys
2009-05-02 21:29 . 2009-05-02 21:29 -------- d-----w c:\documents and settings\Gregg\Application Data\aignes
2009-05-02 18:03 . 2009-05-02 18:03 -------- d-----w c:\program files\AM-DeadLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 15:47 . 2008-12-21 23:13 -------- d-----w c:\program files\Fonbet Poker2
2009-05-13 21:36 . 2006-01-23 11:08 -------- d-----w c:\program files\QuickTime Alternative
2009-05-11 12:33 . 2008-12-03 20:29 -------- d-----w c:\program files\SpeedFan
2009-05-10 08:59 . 2009-03-17 07:42 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-10 08:59 . 2009-03-17 07:42 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-10 08:58 . 2009-03-17 07:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-05 19:24 . 2004-06-20 01:30 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 23:00 . 2009-04-13 13:08 -------- d-----r c:\program files\Skype
2009-05-01 22:51 . 2003-08-12 22:10 -------- d-----w c:\program files\Notebook Maximizer
2009-04-26 21:44 . 2009-01-16 21:54 -------- d-----w c:\program files\UltimateBet
2009-04-21 03:16 . 2009-03-04 14:20 -------- d-----w c:\program files\a-squared Free
2009-04-20 16:36 . 2004-09-24 16:12 -------- d-----w c:\program files\PokerStars
2009-04-19 12:37 . 2006-10-14 22:41 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-14 11:18 . 2009-04-14 11:18 -------- d-----w c:\program files\Windows Desktop Search
2009-04-14 09:03 . 2004-09-06 22:30 79656 -c--a-w c:\documents and settings\Gregg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:52 . 2009-04-14 08:52 -------- d-----w c:\program files\MSBuild
2009-04-14 08:51 . 2009-04-14 08:51 -------- d-----w c:\program files\Reference Assemblies
2009-04-13 13:08 . 2009-04-13 13:08 -------- d-----w c:\program files\Common Files\Skype
2009-04-12 13:13 . 2009-04-12 13:13 -------- d-----w c:\program files\TomTom DesktopSuite
2009-04-08 05:17 . 2003-08-12 21:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 13:36 . 2009-04-07 13:36 -------- d-----w c:\program files\TomTom International B.V
2009-04-07 13:35 . 2009-04-07 13:35 -------- d-----w c:\program files\TomTom HOME 2
2009-04-07 13:34 . 2007-03-23 02:03 -------- d-----w c:\program files\TomTom HOME
2009-03-08 03:34 . 2005-04-27 06:54 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2003-08-12 17:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2003-08-12 17:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2003-08-12 17:08 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2003-08-12 17:06 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2003-08-12 17:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2003-08-12 17:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2003-08-12 17:07 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2003-08-12 17:07 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2003-08-12 17:07 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-08-12 17:08 284160 ----a-w c:\windows\system32\pdh.dll
2008-01-13 13:58 . 2008-01-13 13:58 73728 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2008-01-13 13:58 . 2008-01-13 13:58 61440 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-01-13 13:58 . 2008-01-13 13:58 180224 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spam Bully for Outlook Express"="c:\program files\Axaware\Spam Bully 2 for OE\oespambully.exe" [2004-06-15 174080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-04-27 282624]
"Tpwrtray"="TPWRTRAY.EXE" - c:\windows\system32\TPWRTRAY.EXE [2002-12-10 237568]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-24 03:28 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 08:59 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^22M Wireless LAN Adapter.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\22M Wireless LAN Adapter.lnk.disabled
backup=c:\windows\pss\22M Wireless LAN Adapter.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firewall Client Connectivity Monitor.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Firewall Client Connectivity Monitor.LNK
backup=c:\windows\pss\Firewall Client Connectivity Monitor.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ICON 225 USB Connect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ICON 225 USB Connect.lnk
backup=c:\windows\pss\ICON 225 USB Connect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregg^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Gregg\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregg^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Gregg\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregg^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Gregg\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"kdx"=c:\program files\Kontiki\KHost.exe -all
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4oD"="c:\program files\Kontiki\KHost.exe" -all
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
"DIGStream"=c:\program files\DIGStream\digstream.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"LtMoh"=c:\program files\ltmoh\Ltmoh.exe
"Motive SmartBridge"=c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Pinger"=c:\toshiba\ivp\ism\pinger.exe /run
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s
"WATCHPNP_Xerox"=watchPnp.exe Xerox
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"TFNF5"=TFNF5.exe
"TouchED"=c:\program files\TOSHIBA\TouchED\TouchED.Exe
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Microsoft Games\\Links 2003 Demo\\LinksMMIII.exe"=
"c:\\Program Files\\ppStream\\ppStream.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Documents and Settings\\Gregg\\Desktop\\SysRestorePoint.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [12/08/2003 22:43 26880]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/03/2009 08:42 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/03/2009 08:42 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/03/2009 08:41 298776]
R2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [18/12/2007 13:48 196704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/01/2007 00:34 24652]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [14/10/2004 14:27 20160]
R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [25/04/2003 00:39 248448]
S2 mrtRate;mrtRate; [x]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [12/08/2003 18:08 14336]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [12/08/2003 22:36 26112]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [01/10/2004 14:38 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [01/10/2004 14:38 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [01/10/2004 14:38 108675]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [13/11/2007 16:50 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [09/10/2007 13:53 59264]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [30/03/2007 13:38 8064]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [03/02/2005 20:35 169984]
S3 TEWLN;22M Wireless LAN Adapter;c:\windows\system32\drivers\TEWLN.SYS [11/06/2005 15:52 65385]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 01:03 92008]
S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [12/08/2003 18:08 12800]
S3 wlags48b;Wireless LAN PCCard Driver;c:\windows\system32\drivers\wlags48b.sys [12/08/2003 22:37 156672]
S3 WLUX96;I-Hotel (v1.1.14.2) -- 3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\windows\system32\drivers\wlux96f.sys [20/11/2004 18:34 80768]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 16:37]

2009-05-19 c:\windows\Tasks\User_Feed_Synchronization-{55EAC085-AAE2-4E9A-98E2-980E90BB2160}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
- - - - ORPHANS REMOVED - - - -

SSODL-systemie-{F37BE1FC-A73A-42D9-B98D-C9E7C9AA1984} - systemie.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://newsvote.bbc.co.uk/1/shared/fds/hi/business/market_data/currency/default.stm
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://www.toshiba.com/
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &iSearch The Web
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{2D997C72-3052-495c-B6FF-DAE07A5F0604} - c:\microgaming\Poker\GlobetSportPokerMPP\MPPoker.exe
IE: {{7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - c:\program files\stanjamesgibMPP\MPPoker.exe
IE: {{997F2741-BB7D-4268-A67B-75C5ADB8EC20} - c:\microgaming\Poker\GlobetPokerMPP\MPPoker.exe
LSP: c:\program files\Microsoft Firewall Client\wspwsp.dll
Trusted Zone: fonbet.com\www
Trusted Zone: globet.tv\www
Trusted Zone: nationet.com\olb2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {27B84445-9953-4E9B-B01C-73D734A57DEA} - hxxp://games.eurobet.com/BigRaceControl.ocx
DPF: {8D68BB78-2B9C-4CED-8E23-15BECB870DC7} - hxxp://games1.eurobet.com/GreyhoundsViewerBig.ocx
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {AA44D0B1-B2B4-4BCC-B710-CB45C6C2C270} - hxxp://games1.eurobet.com/GreyhoundsViewer.ocx
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://mercpuk1.globet.com:8080/qcbin/Spider91.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://canbet.gameassists.co.uk/canbet/FlashAX2.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signed.applets.codebase_principal_support", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt0.granted", "UniversalBrowserWrite UniversalBrowserRead UniversalXPConnect");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt0.id", "http://172.16.0.25");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt0.subjectName", "");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt1.granted", "UniversalBrowserWrite UniversalBrowserRead UniversalXPConnect");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt1.id", "http://172.16.0.26");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt1.subjectName", "");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt2.granted", "UniversalBrowserWrite UniversalBrowserRead UniversalXPConnect");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt2.id", "http://10.1.1.33");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt2.subjectName", "");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt3.granted", "UniversalBrowserWrite UniversalBrowserRead UniversalXPConnect");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt3.id", "http://10.1.1.34");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt3.subjectName", "");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt4.granted", "UniversalBrowserWrite UniversalBrowserRead UniversalXPConnect");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt4.id", "http://10.1.1.35");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("capability.principal.codebase.betopt4.subjectName", "");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 04:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Gregg\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2009-05-20 4:55
ComboFix-quarantined-files.txt 2009-05-20 03:54

Pre-Run: 27,932,098,560 bytes free
Post-Run: 28,216,676,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

309 --- E O F --- 2009-05-12 20:07

Hi Gregg123,

That is looking much better now.

Delete bad services
Please hgihlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop mrtRate
sc delete mrtRate
exit

Double click FixServices.bat. A window will open and close. This is normal.


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below, to download and install the latest vesion.

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: " Java SE Runtime Environment 6 with JavaFX License Agreement".
• Click on Continue.
• Click on the link to download jre-6u13-windows-i586-p.exe & save to your Desktop.
• Close all programs you may have running - especially your web browser, then double click on the jre-6u13-windows-i586-p.exe
  Note: this version should uninstall all the previous versions from your PC
  (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Proceed with the Scan:

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following are checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place, like C:\kasper.txt
• Please post this log in your next reply.

Cheers,

sage5

I am having some real problems with the last part:

Proceed with the Scan:

1.Read through the requirements and privacy statement and click on Accept button.
2.It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3.When the downloads have finished, click on Settings.
4.Make sure the following are checked.

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases5.Click on My Computer under Scan.
6.Once the scan is complete, it will display the results. Click on View Scan Report.
7.You will see a list of infected items there. Click on Save Report As....
8.Save this report to a convenient place, like C:\kasper.txt
9.Please post this log in your next reply.

It downloads & installs the Program and then updates the Database. But at this point I never get prompted to install an application.

Anyway, I continue on with the Scan, but I have had 3 now that have lasted over an hour (one lasted 3 1/2 hours) before appearing to freeze, but there is an Error in the bar at the bottom (that normally displays Done!).

Twice it has found one problem, but when I try to view it it won't open any report.

Anti-virus is off, Java is updated - could I be doing something wrong? Could it be a drop in connection? It has only ever completed 20% of the scan.

I can't attach results because it won't show me any!!

Alright, let's try a different scanner:

Please download the following & save to your Desktop:
Dr.Web CureIt

Run Dr.Web CureIt:

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• This report will need to be renamed to Dr.Web.txt in order to post it on the forum.
• Please post the Dr.Web.txt report in your next reply

Just got your reply & I am going to try the alternative. As a footnote to my last post I managed to find the error in a later scan:

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Fri, 22 May 2009 03:10:22 UTC


Message: Object doesn't support this property or method
Line: 945
Char: 2
Code: 0
URI: http://www.kaspersky...fault/script.js


Message: Target applet or JVM process exited abruptly
Line: 940
Char: 2
Code: 0
URI: http://www.kaspersky...fault/script.js

Dr.Web CureIt.Txt Report:

hookoecreation.dll;c:\program files\axaware\spam bully 2 for oe;BackDoor.Pigeon.origin;Incurable.Moved.;
newpackage.bin\data010;C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate\newpackage.bin;Probably BACKDOOR.Trojan;;
newpackage.bin;C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\swupdate;Archive contains infected objects;Moved.;
am_ptvalues_mask.8d51e0af3e5fb84383ae86a35cd870f7.dat;C:\Documents and Settings\All Users\Application Data\MGS\cache\a;Modification of Win95.Murkry.983;Moved.;
RegUBP2b-Gregg.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
update.exe;C:\Documents and Settings\Gregg\Application Data\ppStream;Trojan.DownLoad.30695;Deleted.;
_Mansionpoker.exe;C:\Poker\MansionPoker;Probably DLOADER.Trojan;;
A0223764.reg;C:\System Volume Information\_restore{18AC2EAA-6A66-4C32-A00E-B8C5E98B1B03}\RP1250;Trojan.StartPage.1505;Deleted.;
A0228607.bat;C:\System Volume Information\_restore{18AC2EAA-6A66-4C32-A00E-B8C5E98B1B03}\RP1264;Probably BATCH.Virus;;
A0231894.dll;C:\System Volume Information\_restore{18AC2EAA-6A66-4C32-A00E-B8C5E98B1B03}\RP1268;BackDoor.Pigeon.origin;Incurable.Moved.;
A0231895.reg;C:\System Volume Information\_restore{18AC2EAA-6A66-4C32-A00E-B8C5E98B1B03}\RP1268;Trojan.StartPage.1505;Deleted.;
A0231896.exe;C:\System Volume Information\_restore{18AC2EAA-6A66-4C32-A00E-B8C5E98B1B03}\RP1268;Trojan.DownLoad.30695;Deleted.;
Betfred Poker setup.exe;C:\WINDOWS;Probably DLOADER.Trojan;;
Noble Poker setup.exe;C:\WINDOWS;Probably DLOADER.Trojan;;
mwsearch.reg;C:\WINDOWS\Downloaded Program Files;Trojan.StartPage.1505;Deleted.;

Hi Gregg123,

Re-run OTListIt2:

• Close all open windows and double click the OTListIt2.exe icon on your Desktop
• Tick the Scan all Users box, & check Standard Output.
• Set the File Age: box to 30 days
• Make sure that Extra Registry is set to Use SafeList.
• Leave all the other boxes set to the defaults
• Click the Run Scan button and let the program run uninterrupted.
• It will produce a log for you. OTListIt.txt will open automatically.
• I need you to post the text from that log here.

NOTE: This can be a large file, and there is a limit to the number of characters that can be posted at once on this forum.
It may require you to make 2 posts, to get all the information to me

Hi, sorry for the delay I have been travelling.

It saved 2 logs to the desktop: OTListIt & Extras - let me know if you need the other one.

OTListIt.Txt
Available Here

All I get is an Invalid File message at that link.
Just paste the text from that & the Extras file as your next response.

OTListIt.Txt
OTListIt logfile created on: 29/05/2009 12:09:04 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Gregg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 212.73 Mb Available Physical Memory | 44.37% Memory free
1.27 Gb Paging File | 0.85 Gb Available in Paging File | 66.79% Paging File free
Paging file location(s): C:\pagefile.sys 900 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 26.22 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREGGLAPTOP
Current User Name: Gregg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/25 20:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2004/04/08 05:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2009/05/10 09:57:40 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2001/09/11 04:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
PRC - [2007/10/26 11:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/03/14 04:44:22 | 00,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2007/12/18 13:48:40 | 00,196,704 | ---- | M] (OptionNV) -- C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
PRC - [2009/05/21 01:07:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/20 08:11:37 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2007/04/23 09:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/09/21 00:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007/01/04 22:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/04/02 00:18:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/04 22:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2002/12/10 18:49:14 | 00,237,568 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2009/05/10 09:59:03 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/05/21 01:07:38 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/10 09:58:44 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/12/31 17:04:48 | 00,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/05/13 09:40:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/25 20:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2004/04/08 05:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/10 09:57:40 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2001/09/11 04:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/26 11:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2003/03/14 04:44:22 | 00,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/12/18 13:48:40 | 00,196,704 | ---- | M] (OptionNV) -- C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe -- (GtDetectSc [Auto | Running])
SRV - [2009/03/29 17:37:28 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/03 22:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 01:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/05/21 01:07:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/23 09:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/08/29 13:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Stopped])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 16:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/06/05 11:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002/09/21 00:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2009/03/18 01:03:02 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [On_Demand | Stopped])
SRV - [2007/01/04 22:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2004/04/01 06:29:14 | 00,824,584 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])
SRV - [2003/04/02 00:18:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2006/10/18 18:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 09:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) -- C:\WINDOWS\System32\DRIVERS\ADM8511.SYS -- (ADM8511 [On_Demand | Stopped])
DRV - [2003/01/10 23:51:34 | 00,098,912 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/02/14 19:59:14 | 01,169,792 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/09/05 03:58:24 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/10/27 18:49:30 | 00,070,624 | R--- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2002/08/29 00:00:48 | 00,231,552 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm [On_Demand | Stopped])
DRV - [2002/09/02 21:16:36 | 00,026,880 | ---- | M] (ALi Corporation.) -- C:\WINDOWS\System32\DRIVERS\ALiAGP.sys -- (ALiAGP [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2001/12/18 07:54:32 | 00,026,112 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliirda.sys -- (ALiIRDA [On_Demand | Stopped])
DRV - [2003/07/29 22:25:52 | 00,322,720 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2009/05/10 09:59:51 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/10 09:59:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/10 09:58:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/02/27 10:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2001/09/11 04:09:46 | 00,057,392 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2003/09/12 07:26:26 | 00,060,288 | R--- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\CnxEtP.sys -- (CnxEtP [On_Demand | Stopped])
DRV - [2003/09/12 07:26:36 | 00,646,784 | R--- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\CnxEtU.sys -- (CnxEtU [On_Demand | Stopped])
DRV - [2003/10/29 12:02:28 | 00,108,675 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\DRIVERS\CnxTgN.sys -- (CnxTgN [On_Demand | Stopped])
DRV - [2007/01/18 13:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/01/31 10:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2005/02/01 23:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2007/11/13 16:50:40 | 00,106,112 | ---- | M] (Option N.V.) -- C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys -- (GT72NDISIPXP [On_Demand | Stopped])
DRV - [2007/10/09 13:53:16 | 00,059,264 | ---- | M] (Option N.V.) -- C:\WINDOWS\system32\DRIVERS\gt72ubus.sys -- (GT72UBUS [On_Demand | Stopped])
DRV - [2007/03/30 13:38:14 | 00,008,064 | ---- | M] (Option N.V.) -- C:\WINDOWS\system32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped])
DRV - [2004/06/08 09:35:18 | 00,054,817 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2004/06/08 09:34:48 | 00,024,637 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/06/08 09:35:26 | 00,038,081 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2004/06/08 09:35:08 | 00,071,533 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2004/03/03 21:06:29 | 00,011,861 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/02/01 01:45:56 | 00,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2006/05/29 06:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006/05/29 06:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006/05/29 06:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006/05/29 06:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Stopped])
DRV - [2002/08/29 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2002/08/29 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2001/04/19 00:27:44 | 00,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\22M Wireless LAN\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/04/14 08:12:44 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2003/02/12 18:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2002/08/28 20:59:16 | 00,169,984 | ---- | M] (Cisco Systems) -- C:\WINDOWS\System32\DRIVERS\pcx500.sys -- (PCX500 [On_Demand | Stopped])
DRV - [2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/08/19 19:43:12 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002/10/04 18:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/01/28 19:32:02 | 00,541,376 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2005/11/18 11:44:04 | 00,390,656 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\snpstd.sys -- (snpstd [On_Demand | Stopped])
DRV - [2006/09/24 14:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/12/07 13:52:05 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2002/01/24 22:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\System32\Drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
DRV - [2002/08/22 13:34:38 | 00,065,385 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\tewln.sys -- (TEWLN [On_Demand | Stopped])
DRV - [2003/04/25 00:39:38 | 00,248,448 | ---- | M] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\DRIVERS\tridxpm.sys -- (tridxp [On_Demand | Running])
DRV - [2003/02/11 01:27:12 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
DRV - [2002/06/21 07:53:28 | 00,005,300 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD [Boot | Running])
DRV - [2001/09/14 03:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG [Boot | Running])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS_51 [On_Demand | Stopped])
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2003/04/02 00:10:52 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2002/06/29 00:29:12 | 00,156,672 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\wlags48b.sys -- (wlags48b [On_Demand | Stopped])
DRV - [2002/08/28 23:59:26 | 00,154,624 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys -- (wlluc48 [On_Demand | Stopped])
DRV - [2003/01/28 12:59:34 | 00,080,768 | R--- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\WLUX96F.SYS -- (WLUX96 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://newsvote.bbc....ncy/default.stm
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\S-1-5-21-376703062-3324774183-3156808329-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Rambler"
FF - prefs.js..browser.search.selectedEngine: "Rambler"
FF - prefs.js..browser.startup.homepage: "http://start.qip.ru"

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/11/13 22:08:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/10 18:11:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/14 09:58:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/21 01:07:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/13 22:08:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/14 22:02:46 | 00,000,000 | ---D | M]

[2009/04/07 14:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gregg\Application Data\mozilla\Extensions
[2009/04/07 14:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gregg\Application Data\mozilla\Extensions\[email protected]
[2008/01/13 14:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gregg\Application Data\mozilla\Firefox\Profiles\hbnn9ban.default\extensions
[2008/03/23 17:18:46 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\Gregg\Application Data\Mozilla\FireFox\Profiles\hbnn9ban.default\searchplugins\rambler.xml
[2009/05/21 01:08:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/01/13 14:58:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/21 01:08:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/01/13 14:58:25 | 00,073,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/01/13 14:58:27 | 00,061,440 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/01/13 14:58:25 | 00,180,224 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/01/13 14:58:37 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2008/01/13 14:58:37 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2008/01/13 14:58:37 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2008/01/13 14:58:37 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2008/01/13 14:58:37 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2008/01/13 14:58:37 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2008/01/13 14:58:37 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2008/01/13 14:58:37 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2008/01/13 14:58:37 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2008/01/13 14:58:37 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2008/01/13 14:58:37 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2008/01/13 14:58:37 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..\Toolbar\WebBrowser: (no name) - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [000StTHK] 000StTHK.exe ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Tpwrtray] TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005..\Run: [Spam Bully for Outlook Express] "C:\Program Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install (Axaware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &iSearch The Web - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Globet Poker Poker - {2D997C72-3052-495c-B6FF-DAE07A5F0604} - C:\Microgaming\Poker\GlobetSportPokerMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Globet Poker - {997F2741-BB7D-4268-A67B-75C5ADB8EC20} - C:\Microgaming\Poker\GlobetPokerMPP\MPPoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [WinSock Proxy Name Space provider] - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: fonbet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: globet.tv ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: nationet.com ([olb2] https in Trusted sites)
O15 - HKU\S-1-5-21-376703062-3324774183-3156808329-1005\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab27571.cab (MessengerStatsClient Class)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zone...ee/cm/ICSCM.cab (ICSScannerLight Class)
O16 - DPF: {27B84445-9953-4E9B-B01C-73D734A57DEA} http://games.eurobet...RaceControl.ocx (Reg Error: Key error.)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8D68BB78-2B9C-4CED-8E23-15BECB870DC7} http://games1.eurobe...dsViewerBig.ocx (Reg Error: Key error.)
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} http://txn02.hkjc.co...ect/eWinCtl.cab (DataStore Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab28177.cab (MessengerStatsClient Class)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AA44D0B1-B2B4-4BCC-B710-CB45C6C2C270} http://games1.eurobe...oundsViewer.ocx (Reg Error: Key error.)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://mercpuk1.glob...in/Spider91.cab (Loader Class v4)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://casinoclassi...sic/FlashAX.cab (FlashXControl Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmuk.webex....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://www.smgradio....abasetup144.cab (Reg Error: Key error.)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://canbet.gamea...et/FlashAX2.cab (Flash Casino Helper Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Gregg\Desktop\*.tmp files]
[2009/05/28 08:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/05/23 20:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\My Documents\PacificPoker
[2009/05/23 20:23:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Application Data\PacificPoker
[2009/05/23 20:22:22 | 00,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[2009/05/22 04:17:56 | 14,096,560 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gregg\Desktop\drweb-cureit.exe
[2009/05/20 22:51:18 | 00,000,308 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\FixServices.bat
[2009/05/20 15:25:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/20 04:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Local Settings\temp
[2009/05/20 04:21:29 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/20 04:21:23 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/20 04:19:32 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/20 04:14:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/20 04:14:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/20 04:14:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/20 04:14:44 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/20 04:14:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/20 04:14:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/20 04:14:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/20 04:14:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/20 04:12:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/20 04:06:45 | 02,989,964 | R--- | C] () -- C:\Documents and Settings\Gregg\Desktop\ComboFix.exe
[2009/05/13 13:41:08 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 13:40:43 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\Rooter.exe
[2009/05/13 09:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Application Data\Malwarebytes
[2009/05/13 09:46:22 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 09:46:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 09:46:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/13 09:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/13 09:46:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/13 09:40:27 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTListIt2.exe
[2009/05/13 09:36:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/13 09:35:41 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\NTREGOPT.lnk
[2009/05/13 09:35:41 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\ERUNT.lnk
[2009/05/13 09:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/13 09:28:54 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Gregg\Desktop\SysRestorePoint.exe
[2009/05/12 14:21:27 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009/05/11 14:06:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Desktop\Process Explorer
[2009/05/10 18:39:29 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\What's Running.lnk
[2009/05/10 18:39:27 | 00,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2009/05/10 18:27:41 | 00,000,773 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\EVEREST Home Edition.lnk
[2009/05/10 18:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/05/10 14:30:56 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/10 14:30:56 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/08 19:23:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Gregg\Desktop\Fields Data Recovery
[2009/05/02 22:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Application Data\aignes
[2009/05/02 19:03:34 | 00,000,000 | ---D | C] -- C:\Program Files\AM-DeadLink
[2009/03/04 23:58:12 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009/02/07 02:11:11 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/02/07 02:11:06 | 00,390,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/02/07 02:11:03 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/02/07 02:11:03 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/02/07 02:11:03 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/07 14:46:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/07 13:52:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/03 21:10:33 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/26 08:23:42 | 00,002,069 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/24 21:30:23 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/12/18 14:15:50 | 00,000,126 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2007/11/14 12:10:50 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/11/14 12:04:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\scanx.dll
[2007/11/14 12:04:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\wcp412p6.dll
[2007/10/26 11:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 11:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/08 20:07:06 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/25 00:04:36 | 00,000,564 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/01/24 23:51:27 | 00,000,162 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2006/01/05 00:59:00 | 00,000,596 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2005/12/07 10:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/23 21:36:11 | 00,000,101 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2005/11/12 19:42:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2005/09/24 22:27:42 | 00,000,600 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/11 15:52:11 | 00,065,385 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\TEWLN.SYS
[2005/04/16 21:13:08 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/04/16 21:13:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2005/04/16 21:13:07 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/16 21:13:06 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/04/16 21:13:02 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/11/20 18:34:07 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/10/09 13:19:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/08/03 16:43:11 | 00,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/03/20 12:55:53 | 00,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/03 21:06:27 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/03/03 21:06:27 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/08/13 00:55:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/12 23:07:54 | 00,001,532 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/12 23:01:00 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2003/08/12 23:00:23 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/12 23:00:04 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/12 22:52:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/08/12 22:52:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2003/08/12 22:47:23 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2003/08/12 22:35:10 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/08/12 22:35:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/08/12 22:35:10 | 00,009,149 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/08/12 22:35:10 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/08/12 22:29:34 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2003/08/12 22:26:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/12 18:39:17 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/12 18:32:14 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/12 18:09:22 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/12 18:08:42 | 00,001,141 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/08/12 18:08:32 | 00,000,270 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/25 00:32:58 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2003/04/25 00:32:36 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2003/04/25 00:32:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2003/04/25 00:31:48 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2003/04/25 00:31:22 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2003/04/25 00:31:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2003/01/07 13:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/12/08 21:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/08 21:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Gregg\Desktop\*.tmp files]
[2009/05/29 11:01:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/29 10:00:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/29 08:55:08 | 36,510,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/29 08:55:08 | 00,062,921 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/29 01:18:04 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55EAC085-AAE2-4E9A-98E2-980E90BB2160}.job
[2009/05/26 11:17:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Gregg\Local Settings\desktop.ini
[2009/05/26 11:16:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/26 11:15:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/26 11:15:37 | 50,284,5440 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/23 21:20:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/22 04:17:57 | 14,096,560 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gregg\Desktop\drweb-cureit.exe
[2009/05/20 22:51:18 | 00,000,308 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\FixServices.bat
[2009/05/20 04:45:08 | 00,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/20 04:21:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/20 04:06:46 | 02,989,964 | R--- | M] () -- C:\Documents and Settings\Gregg\Desktop\ComboFix.exe
[2009/05/17 14:57:59 | 00,074,240 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\GW & JR Account 07 - 08.xls
[2009/05/17 07:48:40 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/13 13:40:48 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\Rooter.exe
[2009/05/13 10:23:52 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 09:40:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTListIt2.exe
[2009/05/13 09:35:41 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\NTREGOPT.lnk
[2009/05/13 09:35:41 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\ERUNT.lnk
[2009/05/13 09:28:54 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Gregg\Desktop\SysRestorePoint.exe
[2009/05/12 14:21:27 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/05/12 01:06:31 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\Operation BW, Balances, Poker Codes.doc
[2009/05/11 00:15:26 | 00,001,141 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/11 00:15:26 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/10 18:39:29 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\What's Running.lnk
[2009/05/10 18:27:41 | 00,000,773 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\EVEREST Home Edition.lnk
[2009/05/10 14:30:56 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/10 09:59:57 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/10 09:59:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/10 09:59:51 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/10 09:58:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/07 20:45:50 | 00,017,591 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\BJ Invoice.pdf
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 20:03:48 | 00,000,101 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Gregg\Desktop\BJ Invoice.pdf:DocumentSummaryInformation
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\Gregg\Desktop\BJ Invoice.pdf:SummaryInformation
< End of report >


Extras.Txt
OTListIt Extras logfile created on: 29/05/2009 12:09:04 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Gregg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 212.73 Mb Available Physical Memory | 44.37% Memory free
1.27 Gb Paging File | 0.85 Gb Available in Paging File | 66.79% Paging File free
Paging file location(s): C:\pagefile.sys 900 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 26.22 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREGGLAPTOP
Current User Name: Gregg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/04/08 05:38:28 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/04/08 05:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/06/26 14:13:24 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/06/26 14:13:40 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/06/26 14:13:40 | 01,977,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/03/06 00:51:31 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/11/13 22:07:13 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2005/08/19 14:48:41 | 00,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger
[2002/09/23 17:40:47 | 05,144,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe:*:Enabled:Links 2003
[2005/08/31 22:39:08 | 00,421,888 | ---- | M] () -- C:\Program Files\ppStream\ppStream.exe:*:Enabled:ppStream P2P Streaming Player
[2004/02/03 11:30:14 | 00,814,080 | ---- | M] (Abacast, Inc.) -- C:\Program Files\Abacast\Abaclient.exe:*:Enabled:Abaclient
[2004/04/08 05:38:28 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/04/08 05:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/04/23 09:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2006/06/26 14:13:24 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/06/26 14:13:40 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/06/26 14:13:40 | 01,977,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/14 01:12:33 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing
[2007/03/07 11:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
[2008/04/30 09:32:48 | 01,892,352 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2008/04/14 01:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/03/06 00:51:31 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/05/10 09:51:28 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/10 09:58:44 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2009/03/18 01:03:04 | 00,097,128 | ---- | M] (Mozilla Foundation) -- C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME
[2009/05/13 09:28:54 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Gregg\Desktop\SysRestorePoint.exe:*:Enabled:Single Click System Restore Point
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2006/11/24 17:16:50 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{06565122-7737-4F0F-ABF3-13019301BF81}" = 22M Wireless LAN Adapter
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}" = GoBoingo!
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1BAE37F4-250E-4516-ADF1-C5A4C0453F30}" = BetgeniusConsole
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27B8F080-8CFF-4675-A990-093EA3A3407F}" = ICON 225 USB Connect
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{48E16D31-C39F-45CB-91D9-357F7B2CEE52}" = SliQ Invoicing & Quoting
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E46F23-8DFB-4993-895E-80D95FEE6E86}" = Atheros Client Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{80D95911-28E9-40AC-A6B5-1DA6D9F14B29}" = Software Suite
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{884705D8-575F-4F12-9FA6-E4558866A127}" = Spam Bully 2 for Outlook Express
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8B7ADE32-F624-481D-9A76-62B2867C67EB}" = GJUpdate Live Lines
"{8C7A59A8-9ABE-459A-9A93-08C281A4A264}" = Microsoft Firewall Client
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6A286E8-D5C7-4FCB-BB2E-9FA532A8E343}" = ProcessJuggler
"{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}" = SurfHere by Toshiba
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC16B64A-38A7-4D7D-BA2E-671ED441304F}" = ALi AGP Driver 2.00
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"4oD" = 4oD
"Abacast Client" = Abacast Client
"AccessRunner ADSL" = Conexant AccessRunner USB ADSL WAN Adapter
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agnitum Spam Terrier_is1" = Agnitum Spam Terrier
"aignesamdeadlink" = AM-DeadLink 3.3
"AMCap" = AMCap
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AolCoach" = AOL Coach Version 1.0(Build:20020929.1)
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"a-squared Free_is1" = a-squared Free 4.0
"AT&T Connection Services Software" = AT&T Connection Services Manager
"Atomic Clock Sync" = Atomic Clock Sync
"AVG8Uninstall" = AVG 8.5
"Belarc Advisor" = Belarc Advisor 7.2
"Betfred Casino" = Betfred Casino
"Betfred Poker" = Betfred Poker
"BeTheDealer Casino" = BeTheDealer Casino
"Canbet" = Canbet Casino
"CanbetPoker (Poker)" = Canbet Poker
"CCleaner" = CCleaner (remove only)
"CEDP Stealer 4 for MSN Messenger 6 and 7" = CEDP Stealer 4 for MSN Messenger 6 and 7
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DIVXCodec" = DivX Codec 3.1alpha release
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.82
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Excel" = Microsoft Excel 97
"FAR manager" = FAR file manager
"Fonbet Poker2" = Fonbet Poker (remove only)
"Globet Poker" = Globet Poker
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HyperLoad" = HyperLoad
"IcoFX_is1" = IcoFX 1.6.4
"Icon Sucker 2 Standard Edition" = Icon Sucker 2 Standard Edition
"IconWorkshop" = Axialis IconWorkshop 6.33
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.40 Full
"Links 2003 Demo 1.0" = Microsoft Links 2003 Demo
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mansion Poker" = MansionPoker
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"MSN Music Assistant" = MSN Music Assistant
"New Star Soccer 2" = New Star Soccer 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"ObjectDock" = ObjectDock
"Pacific Poker" = Pacific Poker
"PokerSpying.com PokerSpying" = PokerSpying.com PokerSpying
"PokerStars" = PokerStars
"ppStream_is1" = ppStream 1.0.0.98
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Shockwave" = Shockwave
"Skype_is1" = Skype 2.5
"SopCast" = SopCast 2.0.4
"Spam Bully for OE" = Spam Bully for OE 2.0.0.86
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Stan James Poker.com" = Stan James Poker.com
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TomTom HOME" = TomTom HOME 2.6.1.1549
"TOSHIBA Access" = TOSHIBA Access
"Toshiba Power Saver" = TOSHIBA Power Saver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.4a
"What's Running_is1" = What's Running 2.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox WorkCentre Pro 412 PCL 6" = Xerox WorkCentre Pro 412 PCL 6
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"OANDA FXTrade" = OANDA FXTrade

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-376703062-3324774183-3156808329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"OANDA FXTrade" = OANDA FXTrade

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/05/2009 13:55:47 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/05/2009 15:41:40 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/05/2009 02:37:09 | Computer Name = GREGGLAPTOP | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 28/05/2009 02:37:49 | Computer Name = GREGGLAPTOP | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 28/05/2009 02:38:53 | Computer Name = GREGGLAPTOP | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 28/05/2009 04:54:46 | Computer Name = GREGGLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, faulting
module livetransport.dll, version 14.0.8064.206, fault address 0x0004c064.

Error - 29/05/2009 01:36:20 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/05/2009 01:36:21 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/05/2009 01:56:42 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/05/2009 01:56:42 | Computer Name = GREGGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 28/05/2009 10:33:00 | Computer Name = GREGGLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 28/05/2009 10:33:00 | Computer Name = GREGGLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 28/05/2009 11:14:05 | Computer Name = GREGGLAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe"
-Embedding

Error - 28/05/2009 11:57:43 | Computer Name = GREGGLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.131.15.92 for the Network Card with network
address 00909670F169 has been denied by the DHCP server 10.131.7.1 (The DHCP Server
sent a DHCPNACK message).

Error - 28/05/2009 12:04:09 | Computer Name = GREGGLAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe"
-Embedding

Error - 28/05/2009 13:19:28 | Computer Name = GREGGLAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe"
-Embedding

Error - 28/05/2009 19:58:13 | Computer Name = GREGGLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.131.7.85 for the Network Card with network
address 00909670F169 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 29/05/2009 00:17:10 | Computer Name = GREGGLAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe"
-Embedding

Error - 29/05/2009 02:11:34 | Computer Name = GREGGLAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe"
-Embedding

Error - 29/05/2009 04:23:10 | Computer Name = GREGGLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >

Hi Gregg123,

Almost done,

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  DRV - [2002/08/22 13:34:38 | 00,065,385 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\tewln.sys -- (TEWLN [On_Demand | Stopped])
  O16 - DPF: {27B84445-9953-4E9B-B01C-73D734A57DEA} http://games.eurobet.com/BigRaceControl.ocx (Reg Error: Key error.)
  O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Reg Error: Key error.)
  O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
  O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
  O16 - DPF: {8D68BB78-2B9C-4CED-8E23-15BECB870DC7} http://games1.eurobet.com/GreyhoundsViewerBig.ocx (Reg Error: Key error.)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {AA44D0B1-B2B4-4BCC-B710-CB45C6C2C270} http://games1.eurobet.com/GreyhoundsViewer.ocx (Reg Error: Key error.)
  O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://www.smgradio.com/core/player/abasetup144.cab (Reg Error: Key error.)
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\System32\drivers\TEWLN.SYS
  
  :Commands
  [purity]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the new OTL2 log, that should pop up

I have tried this a few times. It works, and asks for a restart, but it isn't producing a log that I can post?!?

OK, just re- run the OTL scan & paste the new log.
I will see if those files are now missing.
Cheers,

sage5

Edited by sage5, 02 June 2009 - 11:09 PM.