[emufix]

Hi, Computer became infected with fake Vista Malware software.

Norton 360 eventually detected it and removed it. Said I had Trojan.FakeAV

Is my computer fixed or still infected?

Logs below. Ran GMER.exe twice but both times it crashed to blue screen while scanning so no GMER log.

OTL Log:

OTL logfile created on: 26/04/2010 12:09:47 - Run 5
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Steve\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.27 Gb Total Space | 5.11 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.79 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive E: | 7.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100425.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100425.019\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100415.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 11:42:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 05:03:26 | 000,000,000 | ---D | M]

[2009/06/23 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/04/25 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions
[2009/06/27 00:46:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 11:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 01:56:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/14 01:56:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/14 01:56:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 01:56:42 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 03:27:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/22 02:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/03/09 06:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/09 06:00:29 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/26 12:10:03 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/04/26 11:47:52 | 000,000,898 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/04/26 11:47:30 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/04/26 11:41:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 11:41:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 11:41:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 11:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 11:41:22 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 11:40:27 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 11:40:27 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/26 11:40:11 | 002,703,924 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/04/26 11:25:33 | 001,966,564 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/04/26 10:54:08 | 000,000,733 | ---- | M] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | M] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/26 10:50:11 | 000,017,258 | -HS- | M] () -- C:\ProgramData\45GGW
[2010/04/26 10:50:10 | 000,017,258 | -HS- | M] () -- C:\Users\Steve\AppData\Local\45GGW
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\Users\Steve\AppData\Local\2933622510
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\ProgramData\2933622510
[2010/04/25 02:22:05 | 000,131,072 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 02:34:51 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/04/20 05:03:27 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/20 05:00:03 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/20 05:00:03 | 000,638,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 05:00:03 | 000,121,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 13:18:01 | 000,010,675 | ---- | M] () -- C:\Users\Steve\Documents\Music list.docx
[2010/04/07 04:24:15 | 000,008,528 | ---- | M] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/04/06 12:51:07 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/15 14:52:36 | 000,038,912 | ---- | M] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/03/09 06:00:38 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[2010/02/25 06:28:59 | 000,075,832 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 04:30:05 | 000,314,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/08 10:37:48 | 000,019,665 | ---- | M] () -- C:\Users\Steve\Documents\CV - 2010.docx
[2010/02/04 18:00:03 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/02/03 03:24:16 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/01 19:33:19 | 000,038,400 | ---- | M] () -- C:\Users\Steve\Documents\job spec (2).doc
[2010/01/30 14:11:41 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 11:00:52 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.exe
[2010/04/26 10:54:08 | 000,000,733 | ---- | C] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | C] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/26 10:27:12 | 000,017,440 | -HS- | C] () -- C:\Users\Steve\AppData\Local\2933622510
[2010/04/26 10:27:12 | 000,017,440 | -HS- | C] () -- C:\ProgramData\2933622510
[2010/04/26 10:19:58 | 000,017,258 | -HS- | C] () -- C:\Users\Steve\AppData\Local\45GGW
[2010/04/26 10:19:58 | 000,017,258 | -HS- | C] () -- C:\ProgramData\45GGW
[2010/04/07 04:24:04 | 000,008,528 | ---- | C] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/03/15 14:52:32 | 000,038,912 | ---- | C] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/02/01 19:33:14 | 000,038,400 | ---- | C] () -- C:\Users\Steve\Documents\job spec (2).doc
[2009/08/18 23:07:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/23 18:41:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/09 18:12:25 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/01 23:40:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/01 23:40:43 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/05/02 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ACD Systems
[2009/05/23 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/08/02 20:11:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2009/06/17 00:17:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SkynetResearchDCP.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/04/25 01:30:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Stardock
[2010/04/25 01:57:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/04/23 03:58:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/04/26 11:40:15 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/26 11:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/26 11:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/26 11:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/26 11:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 05:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/05/09 18:12:26 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:322EAACD
< End of report >








Mbam Log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26/04/2010 12:05:53
mbam-log-2010-04-26 (12-05-53).txt

Scan type: Quick scan
Objects scanned: 107257
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by emufix, 27 April 2010 - 08:31 PM.

[Advertisements]

A lot of our tools don't work on 64 bit systems so there is not all that much we can do. I do see 4 folders that are bad:

[2010/04/26 10:50:11 | 000,017,258 | -HS- | M] () -- C:\ProgramData\45GGW
[2010/04/26 10:50:10 | 000,017,258 | -HS- | M] () -- C:\Users\Steve\AppData\Local\45GGW
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\Users\Steve\AppData\Local\2933622510
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\ProgramData\2933622510

These should be removed manually. These are Hidden System folders so you will need to be able to see them:

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Put a checkmark in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.
# Now your computer is configured to show all hidden files.

I see a couple of new .sys files so let's check if they are legitimate:

Start, Programs, Accessories then right click on Command Prompt and select Run As Administrator.

Type the lines in the codebox. Put an Enter after each line. I use two spaces so you can see where a single space goes.

cd  \windows

dir  /a  /s  http.sys  >>  junk.txt


dir  /a  /s  tunnel.sys  >>  junk.txt

notepad  junk.txt

Notepad should open. Copy the text and paste it into a reply.

Let's see if mbr.exe will work on your system.

Download:

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop. Right click on it and Run As Administrator. It should leave a file called mbr.log on your desktop. Double click on it and it should open in notepad. Copy and paste the text into a reply.

Run a free BitDefender online scan. http://www.bitdefend...nline/free.html

If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

Ron

[RKinner]

A lot of our tools don't work on 64 bit systems so there is not all that much we can do. I do see 4 folders that are bad:

[2010/04/26 10:50:11 | 000,017,258 | -HS- | M] () -- C:\ProgramData\45GGW
[2010/04/26 10:50:10 | 000,017,258 | -HS- | M] () -- C:\Users\Steve\AppData\Local\45GGW
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\Users\Steve\AppData\Local\2933622510
[2010/04/26 10:29:51 | 000,017,440 | -HS- | M] () -- C:\ProgramData\2933622510

These should be removed manually. These are Hidden System folders so you will need to be able to see them:

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Put a checkmark in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
# Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
# Remove the checkmark from the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.
# Now your computer is configured to show all hidden files.

I see a couple of new .sys files so let's check if they are legitimate:

Start, Programs, Accessories then right click on Command Prompt and select Run As Administrator.

Type the lines in the codebox. Put an Enter after each line. I use two spaces so you can see where a single space goes.

cd  \windows

dir  /a  /s  http.sys  >>  junk.txt


dir  /a  /s  tunnel.sys  >>  junk.txt

notepad  junk.txt

Notepad should open. Copy the text and paste it into a reply.

Let's see if mbr.exe will work on your system.

Download:

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop. Right click on it and Run As Administrator. It should leave a file called mbr.log on your desktop. Double click on it and it should open in notepad. Copy and paste the text into a reply.

Run a free BitDefender online scan. http://www.bitdefend...nline/free.html

If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

Ron

[emufix]

Thanks Ron,

Here are the various logs produced.

junk.txt:

Volume in drive C has no label.
Volume Serial Number is 35E9-07A9

Directory of C:\Windows\System32\drivers

20/02/2010 21:53 411,648 http.sys
1 File(s) 411,648 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16951_none_aaa5b4031bdbf8a8

03/11/2009 11:37 396,800 http.sys
1 File(s) 396,800 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.17022_none_aac6fc331bc2f16e

20/02/2010 22:30 396,800 http.sys
1 File(s) 396,800 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21154_none_ab3229ce34f717b9

03/11/2009 11:31 398,848 http.sys
1 File(s) 398,848 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21227_none_ab559c5634dc0d12

20/02/2010 22:16 398,848 http.sys
1 File(s) 398,848 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18000_none_acc0fc4918daed18

21/01/2008 03:23 401,408 http.sys
1 File(s) 401,408 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18356_none_ac90f41b18fe084c

03/11/2009 20:53 411,136 http.sys
1 File(s) 411,136 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18428_none_acb3665918e3e44e

20/02/2010 22:18 411,136 http.sys
1 File(s) 411,136 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22556_none_ad1a92cc321ba53d

03/11/2009 20:52 411,136 http.sys
1 File(s) 411,136 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22638_none_ad32351e32099d30

20/02/2010 22:20 411,136 http.sys
1 File(s) 411,136 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18005_none_aeac755515fcb864

11/04/2009 05:45 401,408 http.sys
1 File(s) 401,408 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18136_none_ae8d07c1161422b5

03/11/2009 20:41 411,648 http.sys
1 File(s) 411,648 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18210_none_ae9ca7c316094ff0

20/02/2010 21:53 411,648 http.sys
1 File(s) 411,648 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22258_none_af0305482f402d0f

03/11/2009 20:45 411,648 http.sys
1 File(s) 411,648 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22343_none_af08d5a82f3c8f92

20/02/2010 22:06 411,648 http.sys
1 File(s) 411,648 bytes

Total Files Listed:
15 File(s) 6,096,896 bytes
0 Dir(s) 5,403,648,000 bytes free
Volume in drive C has no label.
Volume Serial Number is 35E9-07A9

Directory of C:\Windows\System32\drivers

18/02/2010 12:28 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5

18/02/2010 13:04 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249

18/02/2010 12:50 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6

21/01/2008 03:24 23,040 tunnel.sys
1 File(s) 23,040 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985

18/02/2010 12:52 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910

18/02/2010 13:00 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18005_none_13ce8bde797c36f2

21/01/2008 03:24 23,040 tunnel.sys
1 File(s) 23,040 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c

18/02/2010 12:28 25,088 tunnel.sys
1 File(s) 25,088 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72

18/02/2010 12:42 25,088 tunnel.sys
1 File(s) 25,088 bytes

Total Files Listed:
9 File(s) 221,696 bytes
0 Dir(s) 5,403,643,904 bytes free


mbr log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Quickscan Beta log:

QuickScan Beta 32-bit v0.9.9.18
-------------------------------

Scan date: Tue Apr 27 07:58:43 2010
Machine ID: 35E907A9



No infection found.
-------------------



Processes
---------
<unsigned> BBC iPlayer Desktop.exe 2240 C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
<unsigned> Impulse Now 2728 C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
<unsigned> LightScribe 1988 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

<verified> hpwuSchd Application 2740 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
<verified> DAEMON Tools Lite 2444 C:\Program Files\DAEMON Tools Lite\daemon.exe
<verified> Firefox 15192 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Flash Player Helper 3772 C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
<verified> HP Quick Launch Buttons 4076 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
<verified> HP QuickPlay 4016 C:\Program Files\HP\QuickPlay\QPService.exe
<verified> HP Total Care Advisor 3304 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Wireless Assistant 648 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> HP Wireless Assistant 3828 C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
<verified> HpqToaster Module 3848 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
<verified> Java™ Platform SE 6 U13 2084 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft Office OneNote 3748 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System 3592 C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System 2588 C:\Windows\ehome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 3156 C:\Windows\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 3356 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 3308 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 3172 C:\Windows\system32\taskeng.exe
<verified> Synaptics Pointing Device Driver 4000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Windows® Internet Explorer 2644 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 3084 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 4224 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 4424 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Windows® Internet Explorer 5424 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (3084) connected on port 443 (HTTP over SSL) --> nuo.cn
Process iexplore.exe (3084) connected on port 2122 --> nuo.cn
Process iexplore.exe (4224) connected on port 443 (HTTP over SSL) --> nuo.cn
Process iexplore.exe (4224) connected on port 2122 --> nuo.cn
Process iexplore.exe (4424) connected on port 443 (HTTP over SSL) --> nuo.cn
Process iexplore.exe (4424) connected on port 2122 --> nuo.cn
Process firefox.exe (15192) connected on port 80 (HTTP) --> 209.85.227.101
Process firefox.exe (15192) connected on port 80 (HTTP) --> 199.93.52.126
Process firefox.exe (15192) connected on port 80 (HTTP) --> 92.123.128.20
Process firefox.exe (15192) connected on port 80 (HTTP) --> 65.55.177.205
Process firefox.exe (15192) connected on port 80 (HTTP) --> 212.140.233.201
Process firefox.exe (15192) connected on port 80 (HTTP) --> 216.137.63.157
Process firefox.exe (15192) connected on port 80 (HTTP) --> 88.221.173.115
Process firefox.exe (15192) connected on port 80 (HTTP) --> 212.140.233.208
Process firefox.exe (15192) connected on port 80 (HTTP) --> 209.85.229.149
Process firefox.exe (15192) connected on port 80 (HTTP) --> 209.85.227.149
Process firefox.exe (15192) connected on port 80 (HTTP) --> 64.79.79.115
Process firefox.exe (15192) connected on port 80 (HTTP) --> 64.79.79.115
Process firefox.exe (15192) connected on port 80 (HTTP) --> 212.140.233.208
Process firefox.exe (15192) connected on port 80 (HTTP) --> 140.99.94.175
Process firefox.exe (15192) connected on port 80 (HTTP) --> 216.137.63.131
Process firefox.exe (15192) connected on port 80 (HTTP) --> 208.43.225.3



Autoruns and critical files
---------------------------
<unsigned> BBC iPlayer Desktop.exe C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
<unsigned> Impulse Now C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
<unsigned> LightScribe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

<verified> hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\daemon.exe
<verified> GameSpy Comrade C:\Program Files\GameSpy\Comrade\Comrade.exe
<verified> HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
<verified> HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
<verified> HP QuickPlay C:\Program Files\HP\QuickPlay\QPService.exe
<verified> HP Total Care Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> Java™ Platform SE 6 U13 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> MUI StartMenu Application C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
<verified> Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> Java™ Platform SE 6 U13 C:\Program Files\Java\jre6\bin\jp2ssv.dll
<unsigned> Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

<verified> AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> AOL IE Toolbar c:\program files\aol\aol toolbar 5.0\aoltb.dll
<verified> BitDefender QuickScan C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Comrade Plugin C:\Program Files\GameSpy\Comrade\npcomrade.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Norton Confidential C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Symantec Intrusion Detection C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll
<verified> Symantec Security Check C:\Windows\Downloaded Program Files\rufsi.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Users\Steve\AppData\Local\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\Windows\System32\appmgmts.dll
referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: system32\DRIVERS\ipinip.sys
referenced in: HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

File not found: system32\DRIVERS\nwlnkflt.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

File not found: system32\DRIVERS\nwlnkfwd.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Scan
----
<unsigned> MD5: 9c833eb4d62fc66189135b168c245ebe C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: 4a9295c9be22739d030ab072e9a0b169 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
<unsigned> MD5: abf90fc5a127f481219b873c1b8dfc1c C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> MD5: 3c1dc306f1f20a8071c363fa4fcbe16b C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
<unsigned> MD5: fa6c29f3668505a0c85c770951c68cf6 C:\Program Files\Common Files\LightScribe\QtCore4.dll
<unsigned> MD5: 90703bd8d71099e43993f3afaf2b5a10 C:\Program Files\Common Files\LightScribe\QtGui4.dll
<unsigned> MD5: 805ae1f90c64758d19aaa001cf8cba12 C:\Program Files\CyberLink\Shared files\RichVideo.exe
<unsigned> MD5: d881e8714e6be03d8aaf5d9a483a405c C:\Program Files\Hewlett-Packard\HP Advisor\CommonInterfaces.dll
<unsigned> MD5: f954282c26401f8227646d1222e3ef01 C:\Program Files\Hewlett-Packard\HP Advisor\CommonUtility.dll
<unsigned> MD5: 9ab9d42f8bf993d99f47587feaf2d00e C:\Program Files\Hewlett-Packard\HP Advisor\Content.dll
<unsigned> MD5: 3f1cbe0f1a272f4af7d6c9ee598259f3 C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
<unsigned> MD5: 43f6741416af8d06a6e0e4aaa2ed4f4e C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
<unsigned> MD5: 8daca6607dbae2ec20f180717f5f1300 C:\Program Files\Hewlett-Packard\HP Advisor\Interop.RulesEngineLib.dll
<unsigned> MD5: 57db7a53a6259dca42c38c880bb7ef98 C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
<unsigned> MD5: 9c804fe29746395a7c6ec23530e64682 C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
<unsigned> MD5: bbaeeb38780610e2b8e91a5aab53a417 C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
<unsigned> MD5: 165e396b41fb3d34c9e53cd2c7284b16 C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
<unsigned> MD5: 92d69164a53783be582576a611f10a74 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll
<unsigned> MD5: a72ffe861eae08b43f656ea3d5f45560 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
<unsigned> MD5: d6118dc0e32a6bb81ba7e6e13eecc983 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll
<unsigned> MD5: f953bf39408f63590efe6cc2d589e56e C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCHelp\HowToPillar.dll
<unsigned> MD5: ed3bf6f346aaaa59f48604c1dde3a48d C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
<unsigned> MD5: 5ac08507fb3d1f37b9050dae1c2d27e8 C:\Program Files\Hewlett-Packard\HP Advisor\SystemStatus.dll
<unsigned> MD5: a19b0bb5a7eb6df2dd4a0711d36955ee c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
<unsigned> MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\HP\QuickPlay\MFC71.dll
<unsigned> MD5: 561fa2abb31dfa8fab762145f81667c2 C:\Program Files\HP\QuickPlay\msvcp71.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\HP\QuickPlay\msvcr71.dll
<unsigned> MD5: 96a225c7f5346a9e81fc3dfa89a900c0 C:\Program Files\Java\jre6\bin\jp2ssv.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: 26b018758226a5dc06de45496c394d40 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 9dfb30f203999a3ae0f258a33fa598f9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 1fd6c03c0001a5e1eaf61596c2502f0c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: f4f56ad19c2fd68deecaf7f0f72a586b C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
<unsigned> MD5: de4ef070a8ca700a6a75ddb4650485fb C:\Program Files\WinRAR\RarExt.dll
<unsigned> MD5: 3c97e7131026a968c69892a3002f4003 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
<unsigned> MD5: 712adef0e31e6793afd2179bbb16ea39 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
<unsigned> MD5: 4978a8d8a2b242b6ab56a7ff38bbb28c C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0fa8eb806fadfff925850522a53c3c18\PresentationFramework.Aero.ni.dll
<unsigned> MD5: fe4100fd139266b7e3402b3086f8eb9d C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
<unsigned> MD5: 44bc9fe94410a7165687d46774d1253d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
<unsigned> MD5: 6a8b762947ddec8c7d898e6768593b67 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\74114632794c536c35d28a5c60f694ab\System.Data.ni.dll
<unsigned> MD5: 31d759eb90cccadc5641b6461c8ae180 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
<unsigned> MD5: 4892baa383e93f253ddec625d769a091 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.ni.dll
<unsigned> MD5: 25f223605f937214c8304f25860f73cd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.Wrapper.dll
<unsigned> MD5: 92b6b5b5b6935d8589a99907c376f810 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3554229f9241c34b5acd5061bb7a9b6\System.Management.ni.dll
<unsigned> MD5: b49d32fba5f5670b45663145947f717a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
<unsigned> MD5: bd0b784cb104c77f0e8c2884480798f7 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5790f8446c866b543ab1740fd27aaec5\System.Transactions.ni.dll
<unsigned> MD5: 4005c194272628cd1362a7ac88b50718 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
<unsigned> MD5: 5ed7722d11473666528dadc758e4edf1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
<unsigned> MD5: 96d9ccdfcbdab436bf49ad0ed15c18e3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
<unsigned> MD5: db6a91031da9d98d8d8829abc631144d C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c681da7e1c7b648cb456f2d90e7c50fe\WindowsBase.ni.dll
<unsigned> MD5: e2318e8514abf50e3ecedab9465a90a1 C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll


No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.07 MB sent, 2.79 KB recvd
Scanned 1173 files and modules - 191 seconds


OTL log:

OTL logfile created on: 27/04/2010 08:06:10 - Run 6
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.27 Gb Total Space | 5.04 Gb Free Space | 2.27% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.79 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive E: | 7.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.024\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100426.024\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 12:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 05:03:26 | 000,000,000 | ---D | M]

[2009/06/23 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/04/27 07:57:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions
[2009/06/27 00:46:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 07:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/26 11:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 01:56:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/14 01:56:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/14 01:56:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 01:56:42 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 03:27:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 07:58:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\QuickScan
[2010/04/26 11:04:19 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/04/22 02:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/03/09 06:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/09 06:00:29 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/27 08:05:41 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/04/27 07:53:17 | 000,077,312 | ---- | M] () -- C:\Users\Steve\Desktop\mbr.exe
[2010/04/27 06:37:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/27 06:37:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 12:42:46 | 000,000,898 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/04/26 12:41:57 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/04/26 12:37:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 12:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 12:37:49 | 2951,036,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 11:40:27 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 11:40:27 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/26 11:40:11 | 002,703,924 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/04/26 11:25:33 | 001,966,564 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/04/26 11:04:20 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/04/26 10:54:08 | 000,000,733 | ---- | M] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | M] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/25 02:22:05 | 000,131,072 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 02:34:51 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/04/20 05:03:27 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/20 05:00:03 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/20 05:00:03 | 000,638,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 05:00:03 | 000,121,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 13:18:01 | 000,010,675 | ---- | M] () -- C:\Users\Steve\Documents\Music list.docx
[2010/04/07 04:24:15 | 000,008,528 | ---- | M] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/04/06 12:51:07 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/15 14:52:36 | 000,038,912 | ---- | M] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/03/09 06:00:38 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[2010/02/25 06:28:59 | 000,075,832 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 04:30:05 | 000,314,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/08 10:37:48 | 000,019,665 | ---- | M] () -- C:\Users\Steve\Documents\CV - 2010.docx
[2010/02/04 18:00:03 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/02/03 03:24:16 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/01 19:33:19 | 000,038,400 | ---- | M] () -- C:\Users\Steve\Documents\job spec (2).doc
[2010/01/30 14:11:41 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 07:53:15 | 000,077,312 | ---- | C] () -- C:\Users\Steve\Desktop\mbr.exe
[2010/04/26 11:00:52 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.exe
[2010/04/26 10:54:08 | 000,000,733 | ---- | C] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | C] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/07 04:24:04 | 000,008,528 | ---- | C] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/03/15 14:52:32 | 000,038,912 | ---- | C] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/02/01 19:33:14 | 000,038,400 | ---- | C] () -- C:\Users\Steve\Documents\job spec (2).doc
[2009/08/18 23:07:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/23 18:41:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/09 18:12:25 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/01 23:40:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/01 23:40:43 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/05/02 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ACD Systems
[2009/05/23 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/08/02 20:11:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2010/04/27 08:01:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\QuickScan
[2009/06/17 00:17:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SkynetResearchDCP.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/04/25 01:30:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Stardock
[2010/04/25 01:57:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/04/23 03:58:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/04/26 11:40:15 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/09/15 02:50:09 | 271,215,204 | ---- | M] () -- C:\BACKUP.REG
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/06/11 03:32:42 | 000,066,900 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/26 12:37:49 | 2951,036,928 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/11 08:16:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/11 08:16:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/26 12:37:47 | 3264,942,080 | -HS- | M] () -- C:\pagefile.sys
[2009/06/08 04:34:43 | 000,004,574 | ---- | M] () -- C:\Rooter.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/02/23 07:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:322EAACD
< End of report >

Edited by emufix, 27 April 2010 - 08:30 PM.

[RKinner]

Everything looks clean. Only thing I see is that you are running an out of date version of Java.

Get the latest (6 Update 20) at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

You should clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

Go to go. Have to catch the early ferry today.

Ron

[emufix]

Thanks again Ron,

Java updated. System restore appears to create its own current restore points. Many thanks for sorting my system out.

OTL log:

OTL logfile created on: 28/04/2010 03:34:09 - Run 7
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.27 Gb Total Space | 4.54 Gb Free Space | 2.04% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.79 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive E: | 7.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.022\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 12:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 02:29:42 | 000,000,000 | ---D | M]

[2009/06/23 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/04/28 02:34:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions
[2009/06/27 00:46:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 07:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\e0a97zwc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/28 03:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 02:29:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/14 01:56:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/14 01:56:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/14 01:56:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 01:56:42 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 03:27:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/28 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\WinPatrol
[2010/04/28 02:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/04/28 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/28 02:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/27 07:58:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\QuickScan
[2010/04/26 11:04:19 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/04/22 02:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/03/09 06:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/09 06:00:29 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/28 03:36:05 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/04/28 03:07:55 | 000,000,898 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/04/28 03:07:54 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/04/28 03:04:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 03:04:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 03:04:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/28 03:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/28 03:04:45 | 2951,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 03:03:39 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 03:03:39 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/28 03:02:45 | 002,957,572 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/04/28 02:40:51 | 001,966,564 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/04/27 07:53:17 | 000,077,312 | ---- | M] () -- C:\Users\Steve\Desktop\mbr.exe
[2010/04/26 11:04:20 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/04/26 10:54:08 | 000,000,733 | ---- | M] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | M] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/25 02:22:05 | 000,131,072 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 02:34:51 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/04/20 05:03:27 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/20 05:00:03 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/20 05:00:03 | 000,638,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 05:00:03 | 000,121,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 13:18:01 | 000,010,675 | ---- | M] () -- C:\Users\Steve\Documents\Music list.docx
[2010/04/07 04:24:15 | 000,008,528 | ---- | M] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/04/06 12:51:07 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/15 14:52:36 | 000,038,912 | ---- | M] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/03/09 06:00:38 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Documents\ccsetup229.exe
[2010/02/25 06:28:59 | 000,075,832 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 04:30:05 | 000,314,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/08 10:37:48 | 000,019,665 | ---- | M] () -- C:\Users\Steve\Documents\CV - 2010.docx
[2010/02/04 18:00:03 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/02/03 03:24:16 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/01 19:33:19 | 000,038,400 | ---- | M] () -- C:\Users\Steve\Documents\job spec (2).doc
[2010/01/30 14:11:41 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\Steve\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 07:53:15 | 000,077,312 | ---- | C] () -- C:\Users\Steve\Desktop\mbr.exe
[2010/04/26 10:54:08 | 000,000,733 | ---- | C] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2010/04/26 10:54:08 | 000,000,714 | ---- | C] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2010/04/07 04:24:04 | 000,008,528 | ---- | C] () -- C:\Users\Steve\Documents\War2 fighter cal.xlsx
[2010/03/15 14:52:32 | 000,038,912 | ---- | C] () -- C:\Users\Steve\Documents\1169690-10448081 - RW Job Specification.DOC
[2010/03/09 17:15:06 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/02/01 19:33:14 | 000,038,400 | ---- | C] () -- C:\Users\Steve\Documents\job spec (2).doc
[2009/08/18 23:07:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/23 18:41:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/09 18:12:25 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/01 23:40:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/01 23:40:43 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/05/02 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ACD Systems
[2009/05/23 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/08/02 20:11:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2010/04/27 08:01:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\QuickScan
[2009/06/17 00:17:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SkynetResearchDCP.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/04/25 01:30:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Stardock
[2010/04/25 01:57:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/04/23 03:58:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/04/28 02:58:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinPatrol
[2010/04/28 03:03:17 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/09/15 02:50:09 | 271,215,204 | ---- | M] () -- C:\BACKUP.REG
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/06/11 03:32:42 | 000,066,900 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/28 03:04:45 | 2951,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/11 08:16:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/11 08:16:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/28 03:04:44 | 3264,942,080 | -HS- | M] () -- C:\pagefile.sys
[2009/06/08 04:34:43 | 000,004,574 | ---- | M] () -- C:\Rooter.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:322EAACD
< End of report >

[RKinner]

OK. You can uninstall or delete any programs we had you download and their logs.

Ron

[emufix]

Ok. Will do.

Thanks,
Emufix