Malware,Trojans and more - NIGHTMARE PLEASE HELP



#1
Delboy24

Hi,

About 3 months ago, I had an infection which opened about 90 trojans in less than 20 minutes (complete panic). I followed the guides on here for removal for a number of issues and all seemed OK... I am guessing I did not get rid of everything.

This evening, AVG flagged 6 trojans coming up in one go, then I got Antimalware Doctor installed automatically on my PC.

I have run MWBytes and removed 3 but can't get rid of the rest, and I think I still have issues: 3 blue screens since rebooting when running the GMER scan.

I have a DDS log and a HijackThis log, and eventually a GMER log.

Oh, and MWBytes is now displaying an error 2 code (whatever that is) in spite of 2 re-installs, and my PC is sluggish.

I know my PC has been compromised, as my hobby website was hacked yesterday using my FTP credentials; GoDaddy, who host it, confirmed this.

Thx in advance

Del


DDS (Ver_10-03-17.01) - NTFSx86 
Run by paul at 18:55:00.26 on 22/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1716 [GMT 1:00]

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\dgdersvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\FsUsbExService.Exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Users\paul\.COMMgr\complmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://dpbuk.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_SF76A.tmp" /EF "HKCU"
uRun: [EPSON Stylus SX400 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_S7561.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\paul\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000 
uRun: [COM+ Manager] "c:\users\paul\.commgr\complmgr.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>] 
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NPSStartup] 
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobe version cue cs4\server\bin\VersionCueCS4Tray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\antimalware doctor.lnk - c:\users\paul\appdata\roaming\4423fe6cd6270e7cce876c086e1b9805\handlerfix70700en00.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - c:\programs\partygaming\partygammon\RunBackGammon.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\paul\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - c:\users\paul\appdata\local\temp\f5tmp\urTermProxy.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\paul\appdata\local\temp\f5tmp\urxhost.cab
TCP: {2FA9592D-E2BB-4777-A3C9-80EA6E797A6A} = 194.168.4.100,194.168.8.100
TCP: {9E5FBC06-FD49-493D-99CE-6F217D4AD159} = 194.168.4.100,194.168.8.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\v03y8lsw.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} - c:\users\paul\appdata\local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-20 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-10 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-31 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-31 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-31 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-31 308136]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-7-26 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-8-25 217088]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-1-9 198240]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-22 47640]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-10 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-10 1142224]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-7-26 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-8-25 36640]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-1-9 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-2 20952]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-1-9 464384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-2 304464]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-31 431432]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-8-31 406016]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-31 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-5 40552]
S3 pbfilter;pbfilter;c:\users\paul\documents\downloads\peerblock_r181__win32_release_(vista)\pbfilter.sys [2010-5-8 16472]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-6-3 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-6-3 3768]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2010-4-7 120232]

=============== Created Last 30 ================

2010-09-22 16:16:39	0	d-----w-	c:\windows\LastGood.Tmp
2010-09-15 06:38:34	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 06:38:32	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 06:38:30	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 06:38:27	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-11 15:24:16	0	d-----w-	c:\program files\EasyPHP-5.3.3
2010-09-11 15:14:49	0	d-----w-	c:\program files\Apex Pacific
2010-09-10 17:42:45	7387	----a-w-	c:\windows\system32\drivers\pctgntdi.cat
2010-09-10 17:42:45	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-09-10 17:42:45	100136	----a-w-	c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-10 17:42:36	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-10 17:42:36	7412	----a-w-	c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-10 17:42:36	7383	----a-w-	c:\windows\system32\drivers\pctcore.cat
2010-09-10 17:42:36	218592	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-09-10 17:42:30	7383	----a-w-	c:\windows\system32\drivers\pctplsg.cat
2010-09-10 17:42:30	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-09-10 17:42:13	0	d-----w-	c:\users\paul\appdata\roaming\PC Tools
2010-09-10 17:42:13	0	d-----w-	c:\programdata\PC Tools
2010-09-10 17:42:13	0	d-----w-	c:\program files\Spyware Doctor
2010-09-10 17:42:13	0	d-----w-	c:\program files\common files\PC Tools
2010-09-04 16:05:29	0	d-----w-	c:\users\paul\appdata\roaming\Affilorama
2010-09-04 16:05:28	0	d-----w-	c:\program files\Traffic Travis v3
2010-09-04 13:39:29	0	d-----w-	c:\users\paul\DoctorWeb
2010-09-03 21:37:46	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2010-09-03 21:37:24	1238528	----a-w-	c:\windows\system32\zpeng25.dll
2010-09-03 21:23:38	457304	----a-w-	c:\windows\system32\drivers\vsdatant.sys
2010-09-03 21:23:38	420800	---ha-w-	c:\windows\system32\drivers\vsconfig.xml
2010-09-03 21:23:38	0	d-----w-	c:\windows\system32\ZoneLabs
2010-09-03 21:23:38	0	d-----w-	c:\program files\Zone Labs
2010-09-03 21:22:41	0	d-----w-	c:\programdata\CheckPoint
2010-09-03 21:22:38	0	d-----w-	c:\windows\Internet Logs
2010-09-03 21:05:04	65536	--sha-w-	C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
2010-09-03 21:05:04	524288	--sha-w-	C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
2010-09-03 21:05:04	524288	--sha-w-	C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
2010-09-02 21:22:32	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 21:22:31	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-02 21:22:31	0	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-02 20:36:43	0	d-sh--w-	c:\users\paul\.COMMgr
2010-09-02 20:36:21	0	d-----w-	c:\users\paul\appdata\roaming\4423FE6CD6270E7CCE876C086E1B9805
2010-08-31 22:12:05	0	d--h--w-	C:\$AVG
2010-08-31 21:12:25	0	d-----w-	c:\users\paul\appdata\roaming\GlarySoft
2010-08-31 21:12:24	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-08-31 21:12:22	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-08-31 21:12:16	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-08-31 21:12:14	0	d-----w-	c:\windows\system32\drivers\Avg
2010-08-31 21:12:12	0	d-----w-	c:\programdata\AVG Security Toolbar
2010-08-31 21:10:04	0	d-----w-	c:\program files\AVG
2010-08-31 21:09:46	0	d-----w-	c:\programdata\avg9
2010-08-31 20:17:33	0	d-----w-	c:\programdata\Uniblue
2010-08-31 20:17:29	0	d-----w-	c:\users\paul\appdata\roaming\Uniblue
2010-08-31 20:15:18	28160	----a-w-	c:\windows\system32\DfSdkBt.exe
2010-08-29 17:23:10	0	d-----w-	c:\program files\TwitterBlasterPro
2010-08-29 16:40:38	184076	---ha-w-	c:\windows\system32\mlfcache.dat
2010-08-29 16:16:21	0	d-----w-	c:\users\paul\appdata\roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1
2010-08-24 18:14:53	0	d-----w-	c:\users\paul\appdata\roaming\ubot

==================== Find3M ====================

2010-09-22 16:36:56	86016	----a-w-	c:\windows\inf\infpub.dat
2010-09-22 16:36:56	143360	----a-w-	c:\windows\inf\infstrng.dat
2010-09-22 16:36:56	143360	----a-w-	c:\windows\inf\infstor.dat
2010-09-03 21:05:18	262144	----a-w-	C:\ntuser.dat
2010-08-06 17:37:26	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-06 17:37:25	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-06 17:12:53	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-07-27 14:57:18	49152	----a-r-	c:\windows\system32\inetwh32.dll
2010-07-27 14:57:18	1044480	----a-r-	c:\windows\system32\roboex32.dll
2010-07-26 13:17:06	95568	----a-w-	c:\windows\system32\dgdersvc.exe
2010-07-26 13:17:06	726352	----a-w-	c:\windows\system32\dgderapi.dll
2010-07-26 13:17:06	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2010-07-26 13:17:06	18136	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15:26	36640	----a-w-	c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 13:15:26	217088	----a-w-	c:\windows\system32\FsUsbExService.Exe
2010-06-26 06:05:49	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02:15	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02:15	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-05 02:19:17	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-12-28 16:17:03	174	--sha-w-	c:\program files\desktop.ini
2006-11-02 12:42:02	30674	----a-w-	c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02	30674	----a-w-	c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02	287440	----a-w-	c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02	287440	----a-w-	c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21	287440	----a-w-	c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21	287440	----a-w-	c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19	30674	----a-w-	c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19	30674	----a-w-	c:\windows\inf\perflib\0000\perfc.dat
2009-10-15 02:26:13	245760	--sha-w-	c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-21 19:39:51	16384	--sha-w-	c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-21 19:39:51	32768	--sha-w-	c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-21 19:39:51	16384	--sha-w-	c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-16 18:08:10	245760	--sha-w-	c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-08 23:03:03	8192	--sha-w-	c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:57:51.97 ===============



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:03, on 22/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Users\paul\.COMMgr\complmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dpbuk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_SF76A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S7561.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 
O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\paul\.COMMgr\complmgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2392193440-2477452000-396362505-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\paul\AppData\Roaming\4423FE6CD6270E7CCE876C086E1B9805\handlerfix70700en00.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\paul\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - C:\Users\paul\AppData\Local\Temp\f5tmp\urTermProxy.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\paul\AppData\Local\Temp\f5tmp\urxhost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5FBC06-FD49-493D-99CE-6F217D4AD159}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS4\Services\Tcpip\..\{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS5\Services\Tcpip\..\{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 18991 bytes

Managed to get a full GMER log overnight (attached) - PC still a nightmare (took over an hour to open the browser up to log on) - please help.

Also had a firewall block for an .exe called malware.unruy ???

Attached Files


  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see what we can find.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

Thx for the response:

I had real trouble running cf until I managed, after 3 attempts, to get it to run in safe mode (lots of blue screen crashes).

I couldn't download directly as all links were redirecting to all different sites (random blogs etc., not warez or false AV sites).

Hope the attached helps. It ran once and said it had picked up a rootkit, then crashed - something TLD? Sorry, the screen flashed up and crashed. I did a quick check and the internet said it was Alureon? rootkit variant or something?

Thx in advance

Del

ComboFix 10-09-24.05 - paul 25/09/2010 19:03:20.2.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2654 [GMT 1:00]
Running from: c:\users\paul\Desktop\ComboFix.exe
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\paul\AppData\Roaming\Ugely\monoo.exe
c:\windows\Fonts\GXiyN36P.com
.
---- Previous Run -------
.
c:\hp\KBD\KbdStub.EXE
c:\hp\support\hpsysdrv.exe
c:\progra~1\AVG\AVG9\avgtray.exe
c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
c:\program files\Common Files\Nero\Lib\NeroCheck.exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
c:\program files\Nokia\Nokia Music\NokiaMusic.exe
c:\program files\QuickTime\QTTask.exe
c:\program files\Samsung\Kies\KiesTrayAgent.exe
c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
c:\program files\ScanSoft\PaperPort\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\pptd40nt.exe
c:\program files\Spyware Doctor\pctsTray.exe
c:\program files\WinPCap\LICENSE
c:\users\paul\.COMMgr\complmgr.exe
c:\users\paul\AppData\Roaming\4423FE6CD6270E7CCE876C086E1B9805\enemies-names.txt
c:\users\paul\AppData\Roaming\4423FE6CD6270E7CCE876C086E1B9805\local.ini
c:\users\paul\AppData\Roaming\4423FE6CD6270E7CCE876C086E1B9805\lsrslt.ini
c:\users\paul\AppData\Roaming\AnyDVDPatcher.exe
c:\users\paul\AppData\Roaming\inst.exe
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\users\paul\AppData\Roaming\Ugely\monoo.exe
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\windows\system32\muzapp.exe

----- File Replicators -----

c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut10_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut11_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut12_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut13_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut14_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut15_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut17_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut18_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut19_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut21_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut22_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut23_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut24_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut25_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut26_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut27_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut28_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut29_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut3_0218AAEC43E544B98DA57039780956CE.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut3_F30B5B541F7D4207BF3032ED8CAF6640.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut30_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut31_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut32_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut33_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut34_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut35_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut36_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut37_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut38_47E27EA8BEDD4AA5BDCE96890FF02974.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut39_47E27EA8BEDD4AA5BDCE96890FF02974.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut4_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut40_47E27EA8BEDD4AA5BDCE96890FF02974.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut41_47E27EA8BEDD4AA5BDCE96890FF02974.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut42_47E27EA8BEDD4AA5BDCE96890FF02974.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut44_F1C1272DFEE64B24862C01F4959997E2.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut5_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut7_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut8_E2CBBE559A074AF98E8596196B075190.exe
c:\windows\Installer\{2FA28330-2028-4033-BD10-425C87EB4D54}\NewShortcut9_E2CBBE559A074AF98E8596196B075190.exe
.
-- Previous Run --

Infected copy of c:\windows\system32\DRIVERS\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :D
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe

Infected copy of c:\windows\system32\DRIVERS\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack ;)
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GoogleDesktopManager-051210-111108


((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 18:10 . 2010-09-25 18:10 -------- d-----w- c:\users\paul\AppData\Local\temp
2010-09-25 18:10 . 2010-09-25 18:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-25 18:10 . 2010-09-25 18:10 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-09-25 18:10 . 2010-09-25 18:10 -------- d-----w- c:\users\Po\AppData\Local\temp
2010-09-25 18:10 . 2010-09-25 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 18:02 . 2010-09-25 18:02 -------- d-----w- C:\32788R22FWJFW
2010-09-25 16:52 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-25 16:26 . 2010-09-25 16:26 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-23 08:45 . 2010-09-23 08:45 122368 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymuq.exe
2010-09-23 08:45 . 2010-09-23 08:45 122368 ----a-w- c:\users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gehyte.exe
2010-09-23 08:45 . 2010-09-23 08:45 122368 ----a-w- c:\users\Po\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usyfe.exe
2010-09-22 16:48 . 2010-07-28 11:55 4608 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\en-GB\MCS.Thunder.Update.resources.dll
2010-09-22 16:48 . 2010-07-28 11:55 9728 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-09-22 16:48 . 2010-07-28 11:49 48128 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-09-22 16:48 . 2010-07-28 11:49 204288 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\CabLib.dll
2010-09-22 16:48 . 2010-07-28 11:49 6656 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-09-22 16:48 . 2010-07-28 11:49 12288 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-09-22 16:48 . 2010-07-28 11:56 265528 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-09-15 06:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 06:38 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 06:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 06:38 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 15:24 . 2010-09-11 15:24 -------- d-----w- c:\program files\EasyPHP-5.3.3
2010-09-11 15:14 . 2010-09-11 15:14 -------- d-----w- c:\program files\Apex Pacific
2010-09-10 17:42 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-10 17:42 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-10 17:42 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-10 17:42 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-10 17:42 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-10 17:42 . 2010-09-25 17:15 -------- d-----w- c:\program files\Spyware Doctor
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\users\paul\AppData\Roaming\PC Tools
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\programdata\PC Tools
2010-09-04 16:11 . 2010-09-10 17:32 6354522 ----a-w- c:\users\paul\AppData\Roaming\Affilorama\TrafficTravisv3\temp\traffic_travis.exe
2010-09-04 16:05 . 2010-09-10 17:32 1157632 ----a-w- c:\users\paul\AppData\Roaming\Affilorama\TrafficTravisv3\temp\ACR4Convert.exe
2010-09-04 16:05 . 2010-09-04 16:05 -------- d-----w- c:\users\paul\AppData\Roaming\Affilorama
2010-09-04 16:05 . 2010-09-10 17:32 -------- d-----w- c:\program files\Traffic Travis v3
2010-09-04 13:39 . 2010-09-04 15:44 -------- d-----w- c:\users\paul\DoctorWeb
2010-09-03 21:37 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-03 21:37 . 2010-06-23 12:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-09-03 21:37 . 2010-06-23 12:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-09-03 21:37 . 2010-06-23 12:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-03 21:23 . 2010-09-03 21:39 -------- d-----w- c:\windows\system32\ZoneLabs
2010-09-03 21:23 . 2010-09-03 21:23 -------- d-----w- c:\program files\Zone Labs
2010-09-03 21:23 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-09-03 21:22 . 2010-09-03 21:22 -------- d-----w- c:\programdata\CheckPoint
2010-09-03 21:22 . 2010-09-25 18:03 -------- d-----w- c:\windows\Internet Logs
2010-09-02 21:22 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 21:22 . 2010-09-25 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 21:22 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 20:38 . 2010-09-02 20:38 120 ----a-w- c:\users\paul\AppData\Local\Qkuxuq.dat
2010-09-02 20:38 . 2010-09-02 20:38 0 ----a-w- c:\users\paul\AppData\Local\Shudunogew.bin
2010-09-02 20:38 . 2010-09-02 20:38 -------- d-----w- c:\users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
2010-09-02 20:37 . 2010-09-02 21:36 -------- d-----w- c:\users\paul\AppData\Local\nannqhqof
2010-08-31 22:12 . 2010-08-31 22:12 -------- d-----w- C:\$AVG
2010-08-31 22:06 . 2010-08-31 22:06 -------- d-----w- c:\users\paul\AppData\Local\AVG Security Toolbar
2010-08-31 21:47 . 2010-06-30 13:22 2102600 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-08-31 21:12 . 2010-08-31 21:12 -------- d-----w- c:\users\paul\AppData\Roaming\GlarySoft
2010-08-31 21:12 . 2010-08-31 21:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-31 21:12 . 2010-08-31 21:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-31 21:12 . 2010-08-31 21:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-31 21:12 . 2010-08-31 21:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-31 21:12 . 2010-09-22 17:21 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-31 21:12 . 2010-08-31 21:47 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-31 21:10 . 2010-08-31 21:10 -------- d-----w- c:\program files\AVG
2010-08-31 21:09 . 2010-08-31 21:10 -------- d-----w- c:\programdata\avg9
2010-08-31 20:17 . 2010-08-31 20:17 -------- d-----w- c:\programdata\Uniblue
2010-08-31 20:17 . 2010-08-31 20:17 -------- d-----w- c:\users\paul\AppData\Roaming\Uniblue
2010-08-31 20:15 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-08-29 17:23 . 2010-08-29 17:49 -------- d-----w- c:\program files\TwitterBlasterPro
2010-08-29 16:40 . 2010-08-29 16:40 184076 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-29 16:28 . 2010-08-29 16:27 53632 ----a-w- c:\users\paul\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-29 16:16 . 2010-08-29 16:16 -------- d-----w- c:\users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 17:15 . 2009-09-05 17:59 -------- d-----w- c:\program files\QuickTime
2010-09-25 17:15 . 2009-09-05 18:03 -------- d-----w- c:\program files\iTunes
2010-09-25 15:55 . 2010-09-25 15:58 1902592 ----a-w- c:\windows\Internet Logs\xDBF41E.tmp
2010-09-23 08:56 . 2008-04-11 23:59 -------- d-----w- c:\users\paul\AppData\Roaming\Duoqa
2010-09-22 20:07 . 2010-09-23 08:31 509440 ----a-w- c:\windows\Internet Logs\xDBEBD4.tmp
2010-09-22 19:06 . 2010-09-22 19:06 53825 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_09_22_19_54_06_small.dmp.zip
2010-09-22 16:47 . 2008-01-08 23:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-22 16:16 . 2009-08-25 12:06 -------- d-----w- c:\program files\Samsung
2010-09-22 16:14 . 2009-08-25 12:08 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-22 16:12 . 2009-08-25 12:08 -------- d-----w- c:\users\paul\AppData\Roaming\Samsung
2010-09-22 16:12 . 2010-08-15 16:21 -------- d-----w- c:\programdata\Samsung
2010-09-22 16:12 . 2010-08-15 16:01 -------- d-----w- c:\program files\Common Files\Samsung
2010-09-16 02:04 . 2008-04-01 07:56 -------- d-----w- c:\programdata\Microsoft Help
2010-09-16 02:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 16:44 . 2009-12-20 13:02 -------- d-----w- c:\users\paul\AppData\Roaming\FileZilla
2010-09-10 19:55 . 2008-04-03 21:13 -------- d-----w- c:\users\paul\AppData\Roaming\Vso
2010-09-10 17:34 . 2008-03-31 17:44 -------- d-----w- c:\programdata\Google Updater
2010-09-09 16:06 . 2008-01-08 23:26 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-09 16:01 . 2008-01-08 23:45 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-09-03 23:09 . 2009-06-30 18:57 -------- d-----w- c:\programdata\NOS
2010-09-03 23:06 . 2008-10-26 10:56 -------- d-----w- c:\program files\DVDFab 5
2010-09-03 21:39 . 2010-09-03 21:23 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-09-03 21:05 . 2009-10-15 18:09 262144 ----a-w- C:\ntuser.dat
2010-09-03 17:44 . 2009-03-04 22:06 -------- d-----w- c:\users\paul\AppData\Roaming\Xesuti
2010-09-02 21:36 . 2009-09-17 17:11 -------- d-----w- c:\users\paul\AppData\Roaming\Awzaa
2010-08-31 20:02 . 2009-09-05 14:52 -------- d-----w- c:\program files\McAfee
2010-08-31 20:02 . 2009-09-05 14:50 -------- d-----w- c:\programdata\McAfee
2010-08-31 20:02 . 2009-09-05 14:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-31 19:47 . 2008-03-31 18:53 1356 ----a-w- c:\users\paul\AppData\Local\d3d9caps.dat
2010-08-30 09:39 . 2009-10-27 07:49 -------- d-----w- c:\program files\StumbleUpon
2010-08-29 21:46 . 2008-10-30 08:36 -------- d-----w- c:\users\paul\AppData\Roaming\Ofepb
2010-08-29 16:28 . 2009-10-10 19:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-29 16:27 . 2009-10-10 19:51 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\users\paul\AppData\Roaming\ubot
2010-08-23 19:04 . 2010-08-23 19:02 -------- d-----w- c:\users\paul\AppData\Roaming\vlc
2010-08-23 18:58 . 2008-07-29 20:28 -------- d-----w- c:\program files\VideoLAN
2010-08-13 02:29 . 2009-06-13 19:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-13 02:10 . 2008-01-08 23:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 18:01 . 2009-06-25 19:41 -------- d-----w- c:\users\paul\AppData\Roaming\Nokia
2010-08-06 17:46 . 2010-08-06 17:46 -------- d-----w- c:\programdata\Nokia
2010-08-06 17:37 . 2010-08-06 17:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-06 17:37 . 2010-08-06 17:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-06 17:31 . 2010-08-06 17:31 -------- d-----w- c:\program files\Common Files\PCSuite
2010-08-06 17:31 . 2009-06-25 19:35 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-06 17:31 . 2009-06-25 19:25 -------- d-----w- c:\program files\Nokia
2010-08-06 17:29 . 2010-08-06 17:31 36365624 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web (1).exe
2010-08-06 17:25 . 2009-06-25 19:33 -------- d-----w- c:\program files\DIFX
2010-08-06 17:16 . 2010-08-06 17:16 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-08-06 17:16 . 2010-08-06 17:16 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-08-06 17:16 . 2010-08-06 17:16 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-08-06 17:15 . 2010-08-06 17:15 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-08-06 17:15 . 2010-08-06 17:15 -------- d-----w- c:\programdata\Installations
2010-08-06 17:15 . 2010-08-06 17:16 36365624 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
2010-08-06 17:12 . 2010-08-06 17:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-08-05 17:09 . 2010-08-05 17:09 -------- d-----w- c:\programdata\eBay
2010-08-05 17:09 . 2010-08-05 17:09 -------- d-----w- c:\program files\eBay
2010-08-05 11:21 . 2010-08-02 16:30 -------- d-----w- c:\users\paul\AppData\Roaming\Mozilla-Cache
2010-07-27 14:57 . 2010-07-27 14:57 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-07-27 14:57 . 2010-07-27 14:57 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-07-26 13:17 . 2010-07-26 13:17 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-07-26 13:17 . 2010-07-26 13:17 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-07-26 13:17 . 2010-07-26 13:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-07-26 13:17 . 2010-07-26 13:17 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15 . 2009-08-25 12:09 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 13:15 . 2009-08-25 12:09 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\users\paul\AppData\Roaming\Virgin Broadband\advisor\downloads\VirginDetectionScriptsBundle.41.zip.dir\tools\NetworkFinder.signed.exe
2010-07-14 20:31 . 2010-07-14 20:31 15360 ----a-w- c:\users\paul\AppData\Roaming\Samsung\Kies-OutlookAddIn\KiesOutlookAddin.dll
2010-07-06 20:02 . 2010-07-06 20:02 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAD61.tmp.exe
2010-07-06 19:41 . 2008-03-30 20:29 111232 ----a-w- c:\users\paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 18:43 . 2010-07-06 18:43 92 ----a-w- c:\users\paul\AppData\Local\fusioncache.dat
2010-07-23 17:50 . 2010-05-03 08:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-08 23:03 . 2008-01-08 22:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
<pre>
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Nero\Lib\NeroCheck .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
c:\program files\Nokia\Nokia Music\NokiaMusic .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Samsung\Kies\KiesTrayAgent .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\ScanSoft\PaperPort\Ereg\Ereg .exe
c:\program files\Spyware Doctor\pctsTray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Google Update"="c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-15 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-26 160592]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [N/A]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [N/A]
"COM+ Manager"="c:\users\paul\.COMMgr\complmgr.exe" [N/A]
"{7F4B9A1A-2678-4DE3-1131-0B6A67FE4652}"="c:\users\paul\AppData\Roaming\Ugely\monoo.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [N/A]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [N/A]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-07-25 55072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [N/A]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [N/A]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [N/A]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [N/A]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [N/A]
"KBD"="c:\hp\KBD\KbdStub.EXE" [N/A]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [N/A]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"NPSStartup"="" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [N/A]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [N/A]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [N/A]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe" [N/A]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [N/A]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [N/A]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"<NO NAME>"="" [N/A]

c:\users\Po\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
usyfe.exe [2010-9-23 122368]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ymuq.exe [2010-9-23 122368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roadangelclient]
2008-04-30 17:05 307200 ----a-w- c:\program files\Road Angel\RoadAngelClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-31 216400]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-31 308136]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-26 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 pbfilter;pbfilter;c:\users\paul\Documents\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys [2009-09-28 16472]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-11 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-11 3768]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2010-04-07 120232]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-07-23 716272]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-31 243024]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-09-24 464384]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 08:11]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:12]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:12]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000Core.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-15 09:04]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000UA.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-15 09:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dpbuk.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: {2FA9592D-E2BB-4777-A3C9-80EA6E797A6A} = 194.168.4.100,194.168.8.100
TCP: {9E5FBC06-FD49-493D-99CE-6F217D4AD159} = 194.168.4.100,194.168.8.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\paul\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} - c:\users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 19:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
COM+ Manager = "c:\users\paul\.COMMgr\complmgr.exe"?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C7EEFAA-0C66-6908-CDA0-7E93BCDB98D3}*]
"oaebhklhccnpodiceoeoabmjcbkpbh"=hex:6a,61,64,69,61,65,63,65,70,65,67,6d,6f,64,
63,6c,6e,65,6b,66,00,52
"naobnimngnkfafkhkmhbjmpjamca"=hex:6a,61,64,69,61,65,63,65,70,65,67,6d,6f,64,
63,6c,6e,65,6b,66,00,52

[HKEY_USERS\S-1-5-21-2392193440-2477452000-396362505-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:50,d7,7d,ce,05,da,24,55,50,c5,7e,56,6d,6e,4e,18,86,52,6c,f9,d6,f4,55,
01,f1,bf,93,2f,a7,c5,7b,e3,0a,40,be,13,30,c1,d2,2c,60,f9,9a,0a,bd,85,b3,18,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-25 19:12:13
ComboFix-quarantined-files.txt 2010-09-25 18:12
ComboFix2.txt 2010-06-01 11:50

Pre-Run: 165,496,512,512 bytes free
Post-Run: 165,396,381,696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EBEAB8AA0F46844B7403C7BEBC936796

Edited by Essexboy, 25 September 2010 - 01:07 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is one badly infected system - yes the TDSS rootkit has now gone but there is more to remove

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymuq.exe
c:\users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gehyte.exe
c:\users\Po\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usyfe.exe
c:\users\paul\AppData\Local\Qkuxuq.dat
c:\users\paul\AppData\Local\Shudunogew.bin
c:\users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1

Folder::
c:\users\paul\AppData\Local\nannqhqof
c:\users\paul\AppData\Roaming\Xesuti
c:\users\paul\AppData\Roaming\Awzaa
c:\users\paul\AppData\Roaming\Duoqa
c:\users\paul\.COMMgr
c:\users\paul\AppData\Roaming\Ugely

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COM+ Manager"=-
"{7F4B9A1A-2678-4DE3-1131-0B6A67FE4652}"=-

Renv::
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Nero\Lib\NeroCheck .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
c:\program files\Nokia\Nokia Music\NokiaMusic .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Samsung\Kies\KiesTrayAgent .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\ScanSoft\PaperPort\Ereg\Ereg .exe
c:\program files\Spyware Doctor\pctsTray .exe


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0
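As an added example (not part of this thread, and not ComboFix's or Geeks to Go's own tooling), a small Python triage script that reads ComboFix-style "Reg Loading Points" and "Supplementary Scan" lines and flags the kinds of entries the CFScript above acts on: autostart values loading from a user profile (the COM+ Manager entry), image names written with a space before .exe (the RenV:: list), EnableLUA set to 0, Security Center monitoring disabled, and a proxy pointing at 127.0.0.1. The sample log is constructed in the layout of the logs in this thread; its dates and sizes are made up, and the rule names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix "Reg Loading Points" and
# "Supplementary Scan" sections posted in this thread. The paths echo entries
# from the thread's logs and CFScript; the dates and sizes are made up.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"COM+ Manager"="c:\users\paul\.COMMgr\complmgr.exe" [2010-09-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray .exe" [2010-08-31 2065760]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-07-28 3365176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

uInternet Settings,ProxyServer = http=127.0.0.1:6092
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)')
# Image paths under a user profile (c:\users\<name>\...) rather than Program Files.
USER_PROFILE_RE = re.compile(r'^c:\\users\\[^\\]+\\', re.IGNORECASE)
# A space immediately before the extension, as in "avgtray .exe".
SPACE_BEFORE_EXT_RE = re.compile(r'\s\.(exe|dll|scr|com)$', re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    key: str
    name: str
    data: str


def parse_entries(text):
    """Yield (key, name, data) for each value line, tracking the enclosing [key]."""
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group('name'), m.group('data')
            continue
        m = PROXY_RE.match(line)
        if m:
            yield 'uInternet Settings', 'ProxyServer', m.group('proxy')


def quoted_path(data):
    """Return the quoted image path at the start of a Run value's data, or ''."""
    m = re.match(r'^"([^"]*)"', data)
    return m.group(1) if m else ''


def dword(data):
    """Parse ComboFix's 'dword:00000001' or '0 (0x0)' renderings into an int."""
    m = re.match(r'^(?:dword:([0-9a-f]+)|(\d+))', data, re.IGNORECASE)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def triage(text):
    """Return the triage findings for a ComboFix-style log, in log order."""
    findings = []
    for key, name, data in parse_entries(text):
        kl = key.lower()
        if kl.endswith(r'\currentversion\run'):
            path = quoted_path(data)
            # Triage hint only: per-user installers such as Google Update also live here.
            if USER_PROFILE_RE.match(path):
                findings.append(Finding('runs-from-user-profile', key, name, path))
            if SPACE_BEFORE_EXT_RE.search(path):
                findings.append(Finding('space-before-extension', key, name, path))
        elif kl.endswith(r'\policies\system') and name == 'EnableLUA' and dword(data) == 0:
            findings.append(Finding('uac-disabled', key, name, data))
        elif r'\security center\monitoring' in kl and name == 'DisableMonitoring' and dword(data) == 1:
            findings.append(Finding('security-center-monitoring-disabled', key, name, data))
        elif name == 'ProxyServer' and re.search(r'127\.0\.0\.1|localhost', data):
            findings.append(Finding('localhost-proxy', key, name, data))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:38} {f.name!r} -> {f.data}')
```

Each finding is a pointer for a helper to look at, not a verdict; the clean Sidebar and KiesTrayAgent entries in the sample produce nothing.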

#5
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
told you it was bad!!!

What is "A new OTListit log" - I have not seen this before?
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops I went in with the big guns first didn't I :D

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#7
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
lol no worries - glad you can help.

Am I ok using a zip pen to get the downloads down and off onto my infected pc - my laptop is clean - just with issues over internet redirecting.

Am I likely to infect the laptop?

What have you seen so far in terms of "bad" or shouldn't I ask? :D ;)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the laptop getting re-directs as well? Do you use a router?

Do the following on the laptop and ensure that the pen drive you are going to use is plugged in

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

  • 0

#9
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

Here are my 3 logs:

Note: - Combo fix asked to submit files to the server for further analysis - I clicked ok, assume this was right?? :D

ComboFix 10-09-24.05 - paul 25/09/2010 21:30:53.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1865 [GMT 1:00]
Running from: c:\users\paul\Desktop\ComboFix.exe
Command switches used :: c:\users\paul\Desktop\CFScript.txt
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymuq.exe"
"c:\users\paul\AppData\Local\Qkuxuq.dat"
"c:\users\paul\AppData\Local\Shudunogew.bin"
"c:\users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1"
"c:\users\Po\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usyfe.exe"
"c:\users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gehyte.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymuq.exe
c:\users\paul\AppData\Local\nannqhqof
c:\users\paul\AppData\Local\Qkuxuq.dat
c:\users\paul\AppData\Local\Shudunogew.bin
c:\users\paul\AppData\Roaming\Awzaa
c:\users\paul\AppData\Roaming\Duoqa
c:\users\paul\AppData\Roaming\Xesuti
c:\users\Po\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usyfe.exe
c:\users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gehyte.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 20:47 . 2010-09-25 20:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-25 20:47 . 2010-09-25 20:47 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-09-25 20:47 . 2010-09-25 20:47 -------- d-----w- c:\users\Po\AppData\Local\temp
2010-09-25 20:47 . 2010-09-25 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 18:12 . 2010-09-25 20:52 -------- d-----w- c:\users\paul\AppData\Local\temp
2010-09-25 16:52 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-15 06:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 06:38 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 06:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 06:38 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 15:24 . 2010-09-11 15:24 -------- d-----w- c:\program files\EasyPHP-5.3.3
2010-09-11 15:14 . 2010-09-11 15:14 -------- d-----w- c:\program files\Apex Pacific
2010-09-10 17:42 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-10 17:42 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-10 17:42 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-10 17:42 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-10 17:42 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-10 17:42 . 2010-09-25 20:52 -------- d-----w- c:\program files\Spyware Doctor
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\users\paul\AppData\Roaming\PC Tools
2010-09-10 17:42 . 2010-09-10 17:42 -------- d-----w- c:\programdata\PC Tools
2010-09-04 16:05 . 2010-09-04 16:05 -------- d-----w- c:\users\paul\AppData\Roaming\Affilorama
2010-09-04 16:05 . 2010-09-10 17:32 -------- d-----w- c:\program files\Traffic Travis v3
2010-09-04 13:39 . 2010-09-04 15:44 -------- d-----w- c:\users\paul\DoctorWeb
2010-09-03 21:37 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-03 21:37 . 2010-06-23 12:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-09-03 21:37 . 2010-06-23 12:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-09-03 21:37 . 2010-06-23 12:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-03 21:23 . 2010-09-03 21:39 -------- d-----w- c:\windows\system32\ZoneLabs
2010-09-03 21:23 . 2010-09-03 21:23 -------- d-----w- c:\program files\Zone Labs
2010-09-03 21:23 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-09-03 21:22 . 2010-09-03 21:22 -------- d-----w- c:\programdata\CheckPoint
2010-09-03 21:22 . 2010-09-25 20:52 -------- d-----w- c:\windows\Internet Logs
2010-09-02 21:22 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 21:22 . 2010-09-25 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 21:22 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 20:38 . 2010-09-02 20:38 -------- d-----w- c:\users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
2010-08-31 22:12 . 2010-08-31 22:12 -------- d-----w- C:\$AVG
2010-08-31 22:06 . 2010-08-31 22:06 -------- d-----w- c:\users\paul\AppData\Local\AVG Security Toolbar
2010-08-31 21:12 . 2010-08-31 21:12 -------- d-----w- c:\users\paul\AppData\Roaming\GlarySoft
2010-08-31 21:12 . 2010-08-31 21:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-31 21:12 . 2010-08-31 21:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-31 21:12 . 2010-08-31 21:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-31 21:12 . 2010-08-31 21:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-31 21:12 . 2010-09-22 17:21 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-31 21:12 . 2010-08-31 21:47 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-31 21:10 . 2010-08-31 21:10 -------- d-----w- c:\program files\AVG
2010-08-31 21:09 . 2010-08-31 21:10 -------- d-----w- c:\programdata\avg9
2010-08-31 20:17 . 2010-08-31 20:17 -------- d-----w- c:\programdata\Uniblue
2010-08-31 20:17 . 2010-08-31 20:17 -------- d-----w- c:\users\paul\AppData\Roaming\Uniblue
2010-08-31 20:15 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-08-29 17:23 . 2010-08-29 17:49 -------- d-----w- c:\program files\TwitterBlasterPro
2010-08-29 16:40 . 2010-08-29 16:40 184076 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-29 16:16 . 2010-08-29 16:16 -------- d-----w- c:\users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 20:30 . 2009-09-05 18:03 -------- d-----w- c:\program files\iTunes
2010-09-25 20:30 . 2009-09-05 17:59 -------- d-----w- c:\program files\QuickTime
2010-09-22 16:47 . 2008-01-08 23:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-22 16:16 . 2009-08-25 12:06 -------- d-----w- c:\program files\Samsung
2010-09-22 16:14 . 2009-08-25 12:08 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-22 16:12 . 2009-08-25 12:08 -------- d-----w- c:\users\paul\AppData\Roaming\Samsung
2010-09-22 16:12 . 2010-08-15 16:21 -------- d-----w- c:\programdata\Samsung
2010-09-22 16:12 . 2010-08-15 16:01 -------- d-----w- c:\program files\Common Files\Samsung
2010-09-16 02:04 . 2008-04-01 07:56 -------- d-----w- c:\programdata\Microsoft Help
2010-09-16 02:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 16:44 . 2009-12-20 13:02 -------- d-----w- c:\users\paul\AppData\Roaming\FileZilla
2010-09-10 19:55 . 2008-04-03 21:13 -------- d-----w- c:\users\paul\AppData\Roaming\Vso
2010-09-10 17:34 . 2008-03-31 17:44 -------- d-----w- c:\programdata\Google Updater
2010-09-09 16:06 . 2008-01-08 23:26 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-09 16:01 . 2008-01-08 23:45 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-09-03 23:09 . 2009-06-30 18:57 -------- d-----w- c:\programdata\NOS
2010-09-03 23:06 . 2008-10-26 10:56 -------- d-----w- c:\program files\DVDFab 5
2010-09-03 21:39 . 2010-09-03 21:23 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-09-03 21:05 . 2009-10-15 18:09 262144 ----a-w- C:\ntuser.dat
2010-08-31 20:02 . 2009-09-05 14:52 -------- d-----w- c:\program files\McAfee
2010-08-31 20:02 . 2009-09-05 14:50 -------- d-----w- c:\programdata\McAfee
2010-08-31 20:02 . 2009-09-05 14:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-31 19:47 . 2008-03-31 18:53 1356 ----a-w- c:\users\paul\AppData\Local\d3d9caps.dat
2010-08-30 09:39 . 2009-10-27 07:49 -------- d-----w- c:\program files\StumbleUpon
2010-08-29 21:46 . 2008-10-30 08:36 -------- d-----w- c:\users\paul\AppData\Roaming\Ofepb
2010-08-29 16:28 . 2009-10-10 19:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\users\paul\AppData\Roaming\ubot
2010-08-23 19:04 . 2010-08-23 19:02 -------- d-----w- c:\users\paul\AppData\Roaming\vlc
2010-08-23 18:58 . 2008-07-29 20:28 -------- d-----w- c:\program files\VideoLAN
2010-08-13 02:29 . 2009-06-13 19:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-13 02:10 . 2008-01-08 23:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 18:01 . 2009-06-25 19:41 -------- d-----w- c:\users\paul\AppData\Roaming\Nokia
2010-08-06 17:46 . 2010-08-06 17:46 -------- d-----w- c:\programdata\Nokia
2010-08-06 17:37 . 2010-08-06 17:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-06 17:37 . 2010-08-06 17:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-06 17:31 . 2010-08-06 17:31 -------- d-----w- c:\program files\Common Files\PCSuite
2010-08-06 17:31 . 2009-06-25 19:35 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-06 17:31 . 2009-06-25 19:25 -------- d-----w- c:\program files\Nokia
2010-08-06 17:25 . 2009-06-25 19:33 -------- d-----w- c:\program files\DIFX
2010-08-06 17:15 . 2010-08-06 17:15 -------- d-----w- c:\programdata\Installations
2010-08-06 17:12 . 2010-08-06 17:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-08-05 17:09 . 2010-08-05 17:09 -------- d-----w- c:\programdata\eBay
2010-08-05 17:09 . 2010-08-05 17:09 -------- d-----w- c:\program files\eBay
2010-08-05 11:21 . 2010-08-02 16:30 -------- d-----w- c:\users\paul\AppData\Roaming\Mozilla-Cache
2010-07-27 14:57 . 2010-07-27 14:57 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-07-27 14:57 . 2010-07-27 14:57 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-07-26 13:17 . 2010-07-26 13:17 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-07-26 13:17 . 2010-07-26 13:17 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-07-26 13:17 . 2010-07-26 13:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-07-26 13:17 . 2010-07-26 13:17 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15 . 2009-08-25 12:09 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 13:15 . 2009-08-25 12:09 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-07-06 19:41 . 2008-03-30 20:29 111232 ----a-w- c:\users\paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 18:43 . 2010-07-06 18:43 92 ----a-w- c:\users\paul\AppData\Local\fusioncache.dat
2010-07-23 17:50 . 2010-05-03 08:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-08 23:03 . 2008-01-08 22:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Google Update"="c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-15 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-26 160592]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-07-28 3365176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-07-25 55072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-08 68592]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NPSStartup"="" [BU]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe" [2008-08-15 378224]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-31 2065760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-07-28 3365176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-23 17:50 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roadangelclient]
2008-04-30 17:05 307200 ----a-w- c:\program files\Road Angel\RoadAngelClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 pbfilter;pbfilter;c:\users\paul\Documents\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys [2009-09-28 16472]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-11 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-11 3768]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2010-04-07 120232]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-07-23 716272]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-31 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-31 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-31 308136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-26 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-09-24 464384]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 08:11]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:12]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:12]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000Core.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-15 09:04]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000UA.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-15 09:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dpbuk.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: {2FA9592D-E2BB-4777-A3C9-80EA6E797A6A} = 194.168.4.100,194.168.8.100
TCP: {9E5FBC06-FD49-493D-99CE-6F217D4AD159} = 194.168.4.100,194.168.8.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\paul\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} - c:\users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKLM-Run-hpsysdrv - c:\hp\support\hpsysdrv.exe
HKLM-Run-KBD - c:\hp\KBD\KbdStub.EXE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C7EEFAA-0C66-6908-CDA0-7E93BCDB98D3}*]
"oaebhklhccnpodiceoeoabmjcbkpbh"=hex:6a,61,64,69,61,65,63,65,70,65,67,6d,6f,64,
63,6c,6e,65,6b,66,00,52
"naobnimngnkfafkhkmhbjmpjamca"=hex:6a,61,64,69,61,65,63,65,70,65,67,6d,6f,64,
63,6c,6e,65,6b,66,00,52

[HKEY_USERS\S-1-5-21-2392193440-2477452000-396362505-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:50,d7,7d,ce,05,da,24,55,50,c5,7e,56,6d,6e,4e,18,86,52,6c,f9,d6,f4,55,
01,f1,bf,93,2f,a7,c5,7b,e3,0a,40,be,13,30,c1,d2,2c,60,f9,9a,0a,bd,85,b3,18,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(4296)
c:\windows\system32\cscapi.dll
c:\windows\system32\FunDisc.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\schtasks.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-09-25 22:08:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-25 21:08
ComboFix2.txt 2010-09-25 18:12
ComboFix3.txt 2010-06-01 11:50

Pre-Run: 165,379,141,632 bytes free
Post-Run: 165,325,361,152 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 892C33C63E3B601C8E8283022957EBF7

OTL logfile created on: 25/09/2010 22:20:44 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.37 Gb Total Space | 153.81 Gb Free Space | 33.78% Space Free | Partition Type: NTFS
Drive D: | 10.39 Gb Total Space | 1.41 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.96 Gb Free Space | 85.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.75 Gb Total Space | 45.15 Gb Free Space | 9.69% Space Free | Partition Type: NTFS
Drive M: | 247.21 Mb Total Space | 239.99 Mb Free Space | 97.08% Space Free | Partition Type: FAT

Computer Name: ADMIN
Current User Name: paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
MOD - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll (Adobe Systems Incorporated)
MOD - C:\Windows\System32\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)


========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\DRIVERS\rp_skt32.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pbfilter) -- C:\Users\paul\Documents\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys ()
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTVideo) -- C:\Windows\System32\drivers\SndTVideo.sys (Windows ® 2000 DDK provider)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dpbuk.co.uk/
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..extensions.enabledItems: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}:1.9.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.2
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100827

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/06 18:31:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/31 22:11:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/31 22:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}: C:\Users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} [2010/09/02 21:38:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 19:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 19:39:55 | 000,000,000 | ---D | M]

[2009/11/24 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions
[2010/09/22 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions
[2010/09/03 20:17:15 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/03 20:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/09/03 20:18:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/22 11:36:56 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/09/05 13:35:07 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] (KeywordSpy™ SEO/PPC) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/08 15:39:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/22 11:33:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/25 21:50:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\paul\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} C:\Users\paul\AppData\Local\Temp\f5tmp\urTermProxy.cab (F5 Networks SSLTunnel)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\paul\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\paul\Desktop\anastasia391600x1200.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 00:46:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/25 21:50:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/09/25 21:20:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/25 21:15:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2010/09/25 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\temp
[2010/09/25 17:16:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/25 17:16:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/25 17:16:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/25 17:15:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/22 18:11:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/15 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\thesis
[2010/09/13 18:37:58 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Pushchair Photos
[2010/09/12 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Malina
[2010/09/12 16:58:54 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\AzonTheme
[2010/09/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\EasyPHP-5.3.3
[2010/09/11 16:15:47 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\xGenSEO
[2010/09/11 16:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apex Pacific
[2010/09/11 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\XgenSEO
[2010/09/10 18:42:45 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/10 18:42:45 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/10 18:42:36 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/10 18:42:36 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/10 18:42:30 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\PC Tools
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/04 17:05:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Affilorama
[2010/09/04 17:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Travis v3
[2010/09/04 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\paul\DoctorWeb
[2010/09/03 22:23:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/09/03 22:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/03 22:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/09/03 22:22:38 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/09/02 22:22:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/02 22:22:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/02 22:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
[2010/08/31 23:12:05 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/31 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\AVG Security Toolbar
[2010/08/31 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\GlarySoft
[2010/08/31 22:12:24 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/31 22:12:22 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/31 22:12:16 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/31 22:12:15 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/31 22:12:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/31 22:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/31 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/31 22:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/31 21:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/08/31 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Uniblue
[2010/08/31 21:15:18 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010/08/29 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\TwitterBlasterPro
[2010/08/29 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Twitter Automation
[2010/08/29 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1
[2010/08/27 17:04:09 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\instadigi-2.4.2
[2010/08/24 19:14:53 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\ubot
[2010/08/24 19:14:45 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Xenocode
[2010/08/24 19:10:22 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Forum Profile Creator
[2010/08/23 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\vlc
[2010/08/22 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Cute Rabbits
[2010/08/16 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Turbo Lister Backup
[2010/08/16 16:36:40 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\assembly
[2010/08/15 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Samsung
[2010/08/15 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/08/15 17:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2010/08/15 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Samsung Photos
[2010/08/08 18:48:49 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Turbo Lister
[2010/08/06 18:49:43 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Nokia 5800 Backup
[2010/08/06 18:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010/08/06 18:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/08/06 18:25:33 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/08/06 18:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/08/05 18:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010/08/05 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/08/02 17:30:35 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Mozilla-Cache
[2010/07/27 15:57:18 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010/07/27 15:57:18 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
[2010/07/26 14:18:38 | 000,569,344 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2010/07/26 14:18:38 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2010/07/26 14:18:38 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2010/07/26 14:18:38 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2010/07/26 14:18:38 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2010/07/26 14:18:38 | 000,243,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCaller.dll
[2010/07/26 14:18:38 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2010/07/26 14:18:38 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2010/07/26 14:18:38 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2010/07/26 14:18:38 | 000,131,072 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2010/07/26 14:18:38 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2010/07/26 14:18:38 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2010/07/26 14:18:38 | 000,110,592 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2010/07/26 14:18:38 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2010/07/26 14:18:38 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2010/07/26 14:18:38 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2010/07/26 14:18:38 | 000,040,960 | ---- | C] (마크애니연구소) -- C:\Windows\System32\MAMACExtract.dll
[2010/07/26 14:18:38 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2010/07/26 14:18:38 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2010/07/26 14:17:06 | 000,726,352 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2010/07/26 14:17:06 | 000,095,568 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
[2010/07/26 14:17:06 | 000,018,136 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2010/07/18 09:12:18 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Mini Lops
[2010/07/11 14:50:06 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\CoffeeCup Software
[2010/07/11 14:49:41 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\CoffeeCup Software
[2010/07/11 14:49:36 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\Windows\System32\Ilda32.dll
[2010/07/11 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2010/07/06 19:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/07/06 19:42:47 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\ApplicationHistory
[2010/07/06 19:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010/07/06 19:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2010/06/29 16:31:32 | 000,000,000 | ---D | C] -- C:\Users\paul\KironRaceViewer
[2008/04/03 22:13:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\paul\AppData\Roaming\pcouffin.sys
[2007/04/12 20:05:06 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/04/12 20:03:34 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/04/12 19:58:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/04/12 19:58:24 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/04/12 19:57:42 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/04/12 19:56:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/04/12 19:56:10 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/04/12 19:55:32 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/04/12 19:52:38 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/04/12 19:52:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/04/12 19:51:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/25 22:25:09 | 005,242,880 | -HS- | M] () -- C:\Users\paul\ntuser.dat
[2010/09/25 22:21:16 | 000,706,818 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/25 22:21:16 | 000,611,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/25 22:21:16 | 000,109,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/25 22:17:29 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/25 22:17:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/25 22:15:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/25 22:15:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/25 22:15:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/25 22:14:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/25 22:14:53 | 415,872,735 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/25 22:12:41 | 006,291,456 | -H-- | M] () -- C:\Users\paul\AppData\Local\IconCache.db
[2010/09/25 22:00:10 | 065,288,245 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/25 21:50:57 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/25 21:50:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/25 21:47:56 | 000,524,288 | -HS- | M] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/25 21:47:56 | 000,065,536 | -HS- | M] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TM.blf
[2010/09/25 21:46:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000UA.job
[2010/09/25 21:27:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/25 21:16:55 | 000,002,039 | ---- | M] () -- C:\Users\paul\Desktop\Google Chrome.lnk
[2010/09/25 21:16:55 | 000,002,001 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/25 20:41:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2010/09/25 17:12:06 | 003,852,394 | R--- | M] () -- C:\Users\paul\Desktop\ComboFix.exe
[2010/09/22 20:46:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000Core.job
[2010/09/22 17:48:07 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010/09/22 17:12:10 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/09/22 14:11:33 | 000,031,186 | ---- | M] () -- C:\Users\paul\Documents\SAMSUNG GALAXY S.docx
[2010/09/18 13:15:16 | 000,211,119 | ---- | M] () -- C:\Users\paul\Desktop\img045.jpg
[2010/09/18 13:15:12 | 000,162,814 | ---- | M] () -- C:\Users\paul\Desktop\img046.jpg
[2010/09/18 13:15:04 | 000,178,431 | ---- | M] () -- C:\Users\paul\Desktop\img047.jpg
[2010/09/11 18:09:17 | 000,001,030 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\xGenSEO.Patched - Shortcut.lnk
[2010/09/11 17:48:40 | 001,386,747 | ---- | M] () -- C:\Users\paul\Desktop\xgenseohelp.pdf
[2010/09/11 16:57:42 | 000,001,744 | ---- | M] () -- C:\Users\paul\Desktop\EasyPHP 5.3.3.lnk
[2010/09/10 20:55:02 | 000,000,668 | ---- | M] () -- C:\Users\paul\AppData\Roaming\vso_ts_preview.xml
[2010/09/10 19:42:23 | 000,024,064 | ---- | M] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 19:13:09 | 000,071,146 | ---- | M] () -- C:\Users\paul\Desktop\graco niche.xlsx
[2010/09/10 18:32:20 | 000,000,860 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/09/10 18:32:20 | 000,000,836 | ---- | M] () -- C:\Users\paul\Desktop\Traffic Travis.lnk
[2010/09/09 17:12:47 | 000,171,525 | ---- | M] () -- C:\Users\paul\Desktop\7_Traffic_Methods_Report.pdf
[2010/09/09 16:44:11 | 002,930,072 | ---- | M] () -- C:\Users\paul\Desktop\Amazonian_Profit_Plan.pdf
[2010/09/08 17:28:21 | 001,820,188 | ---- | M] () -- C:\Users\paul\Desktop\niche_site_formula.pdf
[2010/09/08 16:28:52 | 000,000,804 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2010/09/06 20:00:57 | 001,178,659 | ---- | M] () -- C:\Users\paul\Desktop\InstantRankingFormula.pdf
[2010/09/06 19:57:37 | 000,859,665 | ---- | M] () -- C:\Users\paul\Desktop\RBLinkDatabase.pdf
[2010/09/03 22:39:34 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/09/03 22:39:12 | 000,000,873 | ---- | M] () -- C:\Users\paul\Desktop\ZoneAlarm Security.lnk
[2010/09/03 22:05:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 22:05:17 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
[2010/09/03 19:52:21 | 000,001,750 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/03 19:52:21 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 19:28:32 | 000,000,036 | ---- | M] () -- C:\Users\paul\AppData\Local\housecall.guid.cache
[2010/09/03 18:09:46 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/02 22:22:34 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 18:47:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/01 18:18:16 | 000,002,439 | ---- | M] () -- C:\Users\Public\Desktop\TwitterBlasterPro.lnk
[2010/08/31 22:12:25 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/31 22:12:25 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/31 22:12:23 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/31 22:12:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/31 22:12:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/31 22:12:15 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/31 21:15:18 | 000,000,931 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo WinOptimizer 6.lnk
[2010/08/31 20:47:18 | 000,001,356 | ---- | M] () -- C:\Users\paul\AppData\Local\d3d9caps.dat
[2010/08/29 22:57:00 | 000,224,256 | ---- | M] () -- C:\Users\paul\Documents\manage panic attacks.msam
[2010/08/29 18:22:04 | 000,153,600 | ---- | M] () -- C:\Users\paul\Documents\rabbit forum.msam
[2010/08/29 17:40:38 | 000,184,076 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/29 17:16:21 | 000,000,287 | ---- | M] () -- C:\Users\paul\Documents\hb2-setings.json
[2010/08/27 17:33:44 | 000,008,229 | ---- | M] () -- C:\Users\paul\Desktop\index_body.html
[2010/08/23 20:15:44 | 012,198,734 | ---- | M] () -- C:\Users\paul\Desktop\fg-usage.flv
[2010/08/23 19:59:07 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/23 19:32:10 | 006,165,629 | ---- | M] () -- C:\Users\paul\Desktop\fg-install.flv
[2010/08/22 21:29:22 | 004,538,153 | ---- | M] () -- C:\Users\paul\Desktop\Bunny Forum.mp3
[2010/08/22 21:22:12 | 000,911,960 | ---- | M] () -- C:\Users\paul\Desktop\Tooth-Fairy-Certificate-Printable.pdf
[2010/08/21 14:49:22 | 000,036,352 | ---- | M] () -- C:\Users\paul\Documents\Pages Indexed.doc
[2010/08/16 16:57:22 | 000,010,871 | ---- | M] () -- C:\Users\paul\Desktop\inventory 15.05.10.xlsx
[2010/08/13 03:30:15 | 002,330,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/13 03:07:29 | 000,000,355 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/06 18:37:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/08/06 18:37:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/06 18:31:57 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/06 18:12:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/08/05 18:09:32 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2010/08/05 18:09:02 | 000,001,581 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2010/07/27 15:57:18 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010/07/27 15:57:18 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
[2010/07/26 14:18:38 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2010/07/26 14:18:38 | 000,569,344 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2010/07/26 14:18:38 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2010/07/26 14:18:38 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2010/07/26 14:18:38 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2010/07/26 14:18:38 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2010/07/26 14:18:38 | 000,243,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCaller.dll
[2010/07/26 14:18:38 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2010/07/26 14:18:38 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2010/07/26 14:18:38 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2010/07/26 14:18:38 | 000,131,072 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2010/07/26 14:18:38 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2010/07/26 14:18:38 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2010/07/26 14:18:38 | 000,110,592 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2010/07/26 14:18:38 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010/07/26 14:18:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/07/26 14:18:38 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2010/07/26 14:18:38 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2010/07/26 14:18:38 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2010/07/26 14:18:38 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\System32\MAMACExtract.dll
[2010/07/26 14:18:38 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2010/07/26 14:18:38 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2010/07/26 14:17:06 | 000,726,352 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2010/07/26 14:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
[2010/07/26 14:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/07/26 14:15:26 | 000,036,640 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/07/24 13:49:07 | 001,908,760 | ---- | M] () -- C:\Users\paul\Desktop\ToyStory3_Cover.jpg
[2010/07/15 03:04:28 | 000,002,609 | ---- | M] () -- C:\Users\paul\Desktop\Access 2007.lnk
[2010/07/11 14:50:44 | 000,000,826 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2010/07/11 14:50:44 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\CoffeeCup HTML Editor.lnk
[2010/07/11 14:38:16 | 000,026,624 | ---- | M] () -- C:\Users\paul\Documents\PL mainpage.doc
[2010/07/06 20:41:11 | 000,111,232 | ---- | M] () -- C:\Users\paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/06 20:36:41 | 000,524,288 | -HS- | M] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 19:43:23 | 000,000,092 | ---- | M] () -- C:\Users\paul\AppData\Local\fusioncache.dat
[2010/07/04 10:38:39 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/07/02 17:19:53 | 000,524,288 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/02 17:19:53 | 000,065,536 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/25 17:16:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/25 17:16:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/25 17:16:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/25 17:16:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/25 17:16:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/25 17:11:57 | 003,852,394 | R--- | C] () -- C:\Users\paul\Desktop\ComboFix.exe
[2010/09/22 19:26:49 | 000,293,376 | ---- | C] () -- C:\Users\paul\Desktop\gmer.exe
[2010/09/22 19:10:55 | 415,872,735 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/22 17:48:07 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010/09/22 13:55:47 | 000,031,186 | ---- | C] () -- C:\Users\paul\Documents\SAMSUNG GALAXY S.docx
[2010/09/18 13:12:37 | 000,178,431 | ---- | C] () -- C:\Users\paul\Desktop\img047.jpg
[2010/09/18 13:12:22 | 000,162,814 | ---- | C] () -- C:\Users\paul\Desktop\img046.jpg
[2010/09/18 13:12:08 | 000,211,119 | ---- | C] () -- C:\Users\paul\Desktop\img045.jpg
[2010/09/11 18:09:17 | 000,001,030 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\xGenSEO.Patched - Shortcut.lnk
[2010/09/11 17:48:40 | 001,386,747 | ---- | C] () -- C:\Users\paul\Desktop\xgenseohelp.pdf
[2010/09/11 16:57:42 | 000,001,744 | ---- | C] () -- C:\Users\paul\Desktop\EasyPHP 5.3.3.lnk
[2010/09/10 18:42:45 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/09/10 18:42:36 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/09/10 18:42:36 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/09/10 18:42:30 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/09/09 17:12:47 | 000,171,525 | ---- | C] () -- C:\Users\paul\Desktop\7_Traffic_Methods_Report.pdf
[2010/09/09 16:44:10 | 002,930,072 | ---- | C] () -- C:\Users\paul\Desktop\Amazonian_Profit_Plan.pdf
[2010/09/08 21:34:25 | 000,071,146 | ---- | C] () -- C:\Users\paul\Desktop\graco niche.xlsx
[2010/09/08 17:28:20 | 001,820,188 | ---- | C] () -- C:\Users\paul\Desktop\niche_site_formula.pdf
[2010/09/06 20:00:57 | 001,178,659 | ---- | C] () -- C:\Users\paul\Desktop\InstantRankingFormula.pdf
[2010/09/06 19:57:37 | 000,859,665 | ---- | C] () -- C:\Users\paul\Desktop\RBLinkDatabase.pdf
[2010/09/04 17:05:30 | 000,000,860 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/09/04 17:05:30 | 000,000,836 | ---- | C] () -- C:\Users\paul\Desktop\Traffic Travis.lnk
[2010/09/04 14:32:52 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/03 22:39:12 | 000,000,873 | ---- | C] () -- C:\Users\paul\Desktop\ZoneAlarm Security.lnk
[2010/09/03 22:23:38 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/09/03 22:05:04 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 22:05:04 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 22:05:04 | 000,065,536 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
[2010/09/03 19:52:21 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 19:28:32 | 000,000,036 | ---- | C] () -- C:\Users\paul\AppData\Local\housecall.guid.cache
[2010/09/03 18:09:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/02 22:22:34 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/31 22:12:25 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/31 22:12:15 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/31 22:12:14 | 065,288,245 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/29 22:47:35 | 000,224,256 | ---- | C] () -- C:\Users\paul\Documents\manage panic attacks.msam
[2010/08/29 18:23:11 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\TwitterBlasterPro.lnk
[2010/08/29 17:40:38 | 000,184,076 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/08/29 17:40:30 | 000,153,600 | ---- | C] () -- C:\Users\paul\Documents\rabbit forum.msam
[2010/08/29 17:16:21 | 000,000,287 | ---- | C] () -- C:\Users\paul\Documents\hb2-setings.json
[2010/08/27 17:33:44 | 000,008,229 | ---- | C] () -- C:\Users\paul\Desktop\index_body.html
[2010/08/23 20:11:55 | 012,198,734 | ---- | C] () -- C:\Users\paul\Desktop\fg-usage.flv
[2010/08/23 19:59:07 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/23 19:30:10 | 006,165,629 | ---- | C] () -- C:\Users\paul\Desktop\fg-install.flv
[2010/08/22 21:02:07 | 000,911,960 | ---- | C] () -- C:\Users\paul\Desktop\Tooth-Fairy-Certificate-Printable.pdf
[2010/08/22 20:05:30 | 004,538,153 | ---- | C] () -- C:\Users\paul\Desktop\Bunny Forum.mp3
[2010/08/21 14:49:22 | 000,036,352 | ---- | C] () -- C:\Users\paul\Documents\Pages Indexed.doc
[2010/08/15 16:55:09 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/08/08 19:07:33 | 000,010,871 | ---- | C] () -- C:\Users\paul\Desktop\inventory 15.05.10.xlsx
[2010/08/06 18:37:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/08/06 18:37:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/06 18:36:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/08/06 18:31:57 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/06 18:12:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/08/05 18:09:32 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2010/08/05 18:09:02 | 000,001,581 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2010/07/26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010/07/26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010/07/26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/07/24 13:49:07 | 001,908,760 | ---- | C] () -- C:\Users\paul\Desktop\ToyStory3_Cover.jpg
[2010/07/11 14:50:44 | 000,000,826 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2010/07/11 14:50:44 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\CoffeeCup HTML Editor.lnk
[2010/07/11 14:38:15 | 000,026,624 | ---- | C] () -- C:\Users\paul\Documents\PL mainpage.doc
[2010/07/06 20:36:41 | 000,524,288 | -HS- | C] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 20:36:41 | 000,524,288 | -HS- | C] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 20:36:41 | 000,065,536 | -HS- | C] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TM.blf
[2010/07/06 19:43:23 | 000,000,092 | ---- | C] () -- C:\Users\paul\AppData\Local\fusioncache.dat
[2010/04/01 20:11:01 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/01/01 11:30:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/29 10:13:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/19 12:47:09 | 000,478,208 | ---- | C] () -- C:\Users\paul\AppData\Roaming\TweetAdder
[2009/09/26 10:36:07 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2009/09/26 10:36:07 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2009/09/26 10:36:07 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2009/09/26 10:36:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2009/09/26 09:42:16 | 000,004,096 | -H-- | C] () -- C:\Users\paul\AppData\Local\keyfile3.drm
[2009/08/25 13:09:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/08/25 13:09:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/07/04 16:12:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/04 16:05:41 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2009/04/08 22:59:51 | 000,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/01 08:42:03 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2008/09/01 08:42:03 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2008/09/01 08:42:03 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2008/09/01 08:42:02 | 000,212,992 | R--- | C] () -- C:\Windows\System32\SGSchemeConfig.dll
[2008/09/01 08:42:02 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2008/09/01 08:42:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2008/08/24 10:32:52 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/24 10:32:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/08/24 10:30:39 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/08/24 10:30:39 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/08/24 10:24:31 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/08/24 10:24:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/08/24 10:21:34 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/07/26 10:59:58 | 000,000,105 | ---- | C] () -- C:\ProgramData\lxdi
[2008/07/25 07:43:37 | 000,000,064 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/07/25 07:43:34 | 000,031,654 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/07/25 07:43:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/07/23 20:58:55 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/07/23 20:58:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/07/23 20:58:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/07/23 20:58:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/07/13 17:35:17 | 000,000,986 | ---- | C] () -- C:\Users\paul\AppData\Local\7F68A003.il
[2008/07/13 17:35:17 | 000,000,280 | ---- | C] () -- C:\Users\paul\AppData\Local\IndexIE_7F68A003.il
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/05/29 13:16:14 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2008/05/29 13:16:10 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2008/05/29 13:16:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2008/05/29 13:16:04 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2008/05/29 13:16:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2008/05/29 13:15:04 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2008/05/18 17:49:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/05/18 17:49:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/05/18 17:49:26 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/05/18 17:49:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/04/09 23:34:55 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/04/03 22:19:10 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/04/03 22:15:44 | 000,000,668 | ---- | C] () -- C:\Users\paul\AppData\Roaming\vso_ts_preview.xml
[2008/04/03 22:14:11 | 000,000,034 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.log
[2008/04/03 22:13:55 | 000,007,887 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.cat
[2008/04/03 22:13:55 | 000,001,144 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.inf
[2008/04/03 00:38:50 | 000,000,024 | ---- | C] () -- C:\Users\paul\AppData\Local\SkyNewsGadget.log
[2008/03/31 20:07:10 | 000,024,064 | ---- | C] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/31 19:53:37 | 000,001,356 | ---- | C] () -- C:\Users\paul\AppData\Local\d3d9caps.dat
[2008/02/28 15:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2008/02/02 21:39:56 | 003,114,496 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/02/02 21:39:56 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/02 21:39:56 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2008/02/02 21:39:56 | 000,523,776 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/02/02 21:39:56 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/02/02 21:39:56 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/02/02 21:39:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/02/02 21:39:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/02/02 21:39:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/02/02 21:39:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/02/02 21:39:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/02/02 21:39:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/02/02 21:39:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/02/02 21:39:56 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2008/02/02 21:39:56 | 000,081,408 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/02/02 21:39:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/02/02 21:39:56 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/02/02 21:39:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/02/02 21:39:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\FLT_ffdshow.dll
[2008/02/02 21:39:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/01/09 00:40:27 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/09 00:36:11 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/01/09 00:35:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/01/09 00:23:39 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/01/09 00:23:39 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/12/29 01:04:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2007/12/29 01:04:00 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2007/12/29 01:03:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2007/12/29 01:03:48 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2007/12/29 01:03:48 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2007/12/29 01:03:46 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2007/12/29 01:03:46 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2007/12/29 01:03:40 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2007/12/29 01:03:38 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2007/12/29 01:03:34 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2007/12/29 01:03:34 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007/12/11 23:34:56 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/11 23:33:14 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/12/11 23:33:14 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/06/28 19:54:10 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/19 11:29:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Sage.Accounts.InstallHelper.dll
[2007/04/26 08:20:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/03/30 16:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 07:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2005/03/26 16:01:34 | 000,049,152 | ---- | C] () -- C:\Windows\System32\rtjpg.dll
[2005/03/26 16:01:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\DSMyth.dll
[2005/03/26 16:01:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\MythSource.dll
[2005/02/14 15:27:30 | 001,069,056 | ---- | C] () -- C:\Windows\System32\libmySQL.dll

========== LOP Check ==========

[2010/09/04 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Affilorama
[2009/10/18 18:52:52 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Aleo Software
[2010/07/11 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\CoffeeCup Software
[2010/08/29 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1
[2010/07/07 05:30:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DAEMON Tools
[2010/07/07 05:30:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Disney Mix It Plug-in
[2009/07/04 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\EPSON
[2010/09/15 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\FileZilla
[2009/08/11 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\GARMIN
[2010/08/31 22:12:25 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\GlarySoft
[2008/11/07 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ImgBurn
[2008/06/06 14:45:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Lexmark Productivity Studio
[2008/10/06 18:51:17 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\MailWasherPro
[2009/10/10 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/05/03 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\muvee Technologies
[2010/03/28 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\NewsLeecher
[2010/08/06 19:01:05 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Nokia
[2009/06/26 08:11:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Nseries
[2010/08/29 22:46:46 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Ofepb
[2009/06/26 08:23:01 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PC Suite
[2010/07/06 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Qebihy
[2008/07/19 13:12:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Road Angel
[2010/09/22 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Samsung
[2009/08/26 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ScanSoft
[2008/11/16 19:45:32 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Sports Interactive
[2009/09/30 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Thinstall
[2010/08/24 19:14:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ubot
[2010/08/31 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Uniblue
[2009/09/05 15:17:06 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Virgin Broadband
[2010/09/10 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Vso
[2009/10/16 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WaterProof
[2008/08/24 11:44:36 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WildTangent
[2008/04/08 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WinBatch
[2009/07/11 09:13:44 | 000,000,000 | ---D | M] -- C:\Users\Po\AppData\Roaming\PC Suite
[2009/09/05 15:17:06 | 000,000,000 | ---D | M] -- C:\Users\Po\AppData\Roaming\Virgin Broadband
[2010/09/25 21:47:58 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/09/22 16:46:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/09/22 17:12:10 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2008/01/09 00:46:34 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/01/08 23:58:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/09/25 22:08:34 | 000,031,146 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/09 17:07:34 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/08/05 18:10:34 | 000,000,384 | ---- | M] () -- C:\InstallHelper.log
[2008/04/08 19:38:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/10 20:58:42 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/08 19:38:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/03 22:05:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/09/03 22:05:17 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2009/10/15 19:09:34 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010/09/03 22:05:17 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2009/10/15 19:09:34 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{ef4ea1da-b931-11de-b1c6-001e8c765f76}.TM.blf
[2009/10/15 19:09:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{ef4ea1da-b931-11de-b1c6-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2009/10/15 19:09:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{ef4ea1da-b931-11de-b1c6-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/09/25 22:14:54 | 3802,546,176 | -HS- | M] () -- C:\pagefile.sys
[2008/04/08 19:38:43 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2010/09/22 18:29:25 | 000,001,204 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2008/10/16 20:35:48 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMIproc.dll
[2007/03/16 04:08:12 | 000,113,664 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdidrpp.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/12/28 17:17:03 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/13 21:15:20 | 000,000,286 | -HS- | M] () -- C:\Users\paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/25 17:12:06 | 003,852,394 | R--- | M] () -- C:\Users\paul\Desktop\ComboFix.exe
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\paul\Desktop\gmer.exe
[2010/09/25 20:41:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/05/04 06:40:03 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/05/04 06:39:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/12/28 17:15:52 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/12/28 17:15:52 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/05/04 06:39:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/03/30 21:29:41 | 000,000,402 | -HS- | M] () -- C:\Users\paul\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/04 10:38:39 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2008/01/09 00:40:43 | 000,000,342 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2008/07/26 15:51:27 | 000,000,105 | ---- | M] () -- C:\ProgramData\lxdi
[2010/09/03 18:09:46 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >
[2008/03/30 21:29:29 | 000,000,044 | ---- | M] () -- C:\Windows\system\hpsysdrv.dat

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2008/11/16 19:34:42 | 000,333,778 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/25 22:27:44 | 005,242,880 | -HS- | M] () -- C:\Users\paul\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/01/26 03:06:00 | 000,116,544 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\brqikmon.exe
[2008/09/12 11:11:00 | 000,483,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\EREGISTR.EXE
[2008/05/03 01:40:14 | 000,309,144 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_DUPA30.EXE
[2007/11/15 15:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FAMTEGE.EXE
[2008/01/07 15:04:00 | 000,159,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FARNEGE.EXE
[2007/12/17 16:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
[2007/12/17 11:03:00 | 000,177,152 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FBCSEGE.EXE
[2008/05/01 20:26:00 | 000,105,984 | ---- | M] (SEIKO EPSON Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FHUTEGE.EXE
[2008/04/16 17:05:00 | 000,804,784 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FINSEGE.EXE
[2007/11/26 14:00:00 | 000,204,800 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FPREEGE.EXE
[2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_S40RP7.EXE
[2007/12/17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_S40ST7.EXE
[2007/04/26 16:39:08 | 000,116,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdicfgx.exe
[2007/04/26 16:38:48 | 000,398,256 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe
[2007/04/26 16:38:46 | 000,291,760 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe
[2007/04/26 16:38:22 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe
[2007/04/26 16:38:32 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe
[2007/04/26 16:38:28 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiupld.exe
[2007/04/26 16:38:24 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiview.exe
[2007/02/14 10:08:46 | 000,343,086 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiwavs.exe
[2007/04/26 16:38:34 | 000,140,208 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-17 02:05:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\paul\Desktop\Bunny Forum.mp3:TOC.WMV
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
< End of report >

Attached Files



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, no problem on the ComboFix upload.

On completion of this run, can you let me know what problems remain - connect to the internet.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/08/29 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
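The OTL fix above clears three things a cleaner would look for again afterwards: a per-user IE proxy pointing at 127.0.0.1 (here `http=127.0.0.1:6092`), IE policy keys that lock down Internet Options and the Control Panel, and a ShellExecuteHook whose CLSID no longer resolves to a file. The PowerShell below is an added, read-only check that reports those same indicator classes; it is not part of Essexboy's post or of OTL. It assumes the standard Internet Settings, Policies and Explorer ShellExecuteHooks registry locations and the loopback-proxy form seen in this log.

```powershell
# Added example (not from the original post or from OTL): read-only audit of the
# indicator classes the OTL fix script targets. Run as the affected user from an
# elevated PowerShell prompt on Windows. Nothing is modified.

function Test-LoopbackProxy {
    # A per-user IE ProxyServer aimed at 127.0.0.1 on an arbitrary port means some
    # local process is interposing itself on browser traffic (cf. 127.0.0.1:6092 above).
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost|\[::1\]):\d+') {
        [pscustomobject]@{
            Indicator = 'LoopbackProxy'
            Detail    = "ProxyServer=$($props.ProxyServer) ProxyEnable=$($props.ProxyEnable)"
        }
    }
}

function Test-IEPolicyRestrictions {
    # Policy keys a home PC normally does not carry; rogue AV families create them
    # to keep the user out of Internet Options and the Control Panel (OTL O6/O7 lines).
    $paths = @(
        'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    )
    foreach ($p in $paths) {
        if (Test-Path $p) {
            $vals = (Get-ItemProperty -Path $p).PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |
                ForEach-Object { "$($_.Name)=$($_.Value)" }
            [pscustomobject]@{ Indicator = 'IEPolicyPresent'; Detail = "$p [$($vals -join ', ')]" }
        }
    }
}

function Test-OrphanShellExecuteHooks {
    # Each ShellExecuteHooks value name is a CLSID; resolve it to its InprocServer32
    # DLL. No class registration or a missing DLL is the "Reg Error: Key error.
    # File not found" OTL reports on its O28 line: malware residue or a half-removed hook.
    $hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (-not (Test-Path $hooks)) { return }
    $clsids = (Get-Item $hooks).Property | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' }
    foreach ($clsid in $clsids) {
        $srv = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                                -ErrorAction SilentlyContinue
        $dll = $null
        if ($srv -and $srv.'(default)') {
            $dll = [Environment]::ExpandEnvironmentVariables($srv.'(default)').Trim('"')
        }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{ Indicator = 'OrphanShellExecuteHook'; Detail = "$clsid -> $dll" }
        }
    }
}

$findings = @(Test-LoopbackProxy) + @(Test-IEPolicyRestrictions) + @(Test-OrphanShellExecuteHooks)
if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings | Format-Table -AutoSize }
```

Re-running this after the OTL fix and reboot confirms the three entries did not come back, which is the quickest sign that the component re-creating them is also gone.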


#11
Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thx again for the help.

I have included the "run fix" log and the re-scan and also a MWBytes log which shows as clean on a quick scan.

I had to open the internet for a download of MWB as I kept getting the error code 2 message on it, so I was not comfortable it was working - uninstalled and re-installed a clean new version and updated the database.

Seems to be running faster, but I still had 4 re-directs on the internet - pointing mainly to monster.co.uk and a couple of blog sites - even the MWB download pointed me from the MWB official site to Download.com.

Trust this is ok, but still worried there is something not quite right. :D

So far what have you seen in terms of infection, what baddies have you found?

Do I need to be concerned with System Restore?

OTL logfile created on: 26/09/2010 16:44:40 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.37 Gb Total Space | 151.64 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive D: | 10.39 Gb Total Space | 1.41 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.96 Gb Free Space | 85.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.75 Gb Total Space | 45.15 Gb Free Space | 9.69% Space Free | Partition Type: NTFS
Drive M: | 247.21 Mb Total Space | 239.70 Mb Free Space | 96.96% Space Free | Partition Type: FAT

Computer Name: ADMIN
Current User Name: paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe (Adobe Systems Incorporated.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)


========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\DRIVERS\rp_skt32.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pbfilter) -- C:\Users\paul\Documents\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys ()
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SndTVideo) -- C:\Windows\System32\drivers\SndTVideo.sys (Windows ® 2000 DDK provider)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dpbuk.co.uk/
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..extensions.enabledItems: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}:1.9.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.2
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100827

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/06 18:31:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/26 16:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/31 22:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}: C:\Users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} [2010/09/02 21:38:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 19:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 19:39:55 | 000,000,000 | ---D | M]

[2009/11/24 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions
[2010/09/22 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions
[2010/09/03 20:17:15 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/03 20:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/09/03 20:18:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/22 11:36:56 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/09/05 13:35:07 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] (KeywordSpy™ SEO/PPC) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/08 15:39:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
[2010/09/22 11:33:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/26 16:14:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2392193440-2477452000-396362505-1002\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\paul\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} C:\Users\paul\AppData\Local\Temp\f5tmp\urTermProxy.cab (F5 Networks SSLTunnel)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\paul\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\paul\Desktop\anastasia391600x1200.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 00:46:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 16:14:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/25 21:50:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/09/25 21:20:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/25 21:15:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2010/09/25 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\temp
[2010/09/25 17:16:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/25 17:16:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/25 17:16:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/25 17:15:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/22 18:11:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/15 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\thesis
[2010/09/15 07:38:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/13 18:37:58 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Pushchair Photos
[2010/09/12 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Malina
[2010/09/12 16:58:54 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\AzonTheme
[2010/09/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\EasyPHP-5.3.3
[2010/09/11 16:15:47 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\xGenSEO
[2010/09/11 16:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apex Pacific
[2010/09/11 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\XgenSEO
[2010/09/10 18:42:45 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/10 18:42:45 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/10 18:42:36 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/10 18:42:36 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/10 18:42:30 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\PC Tools
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/10 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/04 17:05:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Affilorama
[2010/09/04 17:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Travis v3
[2010/09/04 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\paul\DoctorWeb
[2010/09/03 22:39:10 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010/09/03 22:37:46 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/09/03 22:37:28 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010/09/03 22:37:28 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010/09/03 22:37:25 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010/09/03 22:37:24 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010/09/03 22:37:23 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010/09/03 22:37:22 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010/09/03 22:37:20 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010/09/03 22:37:18 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010/09/03 22:23:38 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010/09/03 22:23:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/09/03 22:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/03 22:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/09/03 22:22:38 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/09/03 22:22:25 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010/09/03 22:22:25 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010/09/02 22:22:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/02 22:22:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/02 22:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
[2010/08/31 23:12:05 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/31 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\AVG Security Toolbar
[2010/08/31 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\GlarySoft
[2010/08/31 22:12:24 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/31 22:12:22 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/31 22:12:16 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/31 22:12:15 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/31 22:12:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/31 22:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/31 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/31 22:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/31 21:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/08/31 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Uniblue
[2010/08/31 21:15:18 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010/08/29 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\TwitterBlasterPro
[2010/08/29 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\Twitter Automation
[2010/08/27 17:04:09 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\instadigi-2.4.2
[2008/04/03 22:13:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\paul\AppData\Roaming\pcouffin.sys
[2007/04/12 20:05:06 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/04/12 20:03:34 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/04/12 19:58:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/04/12 19:58:24 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/04/12 19:57:42 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/04/12 19:56:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/04/12 19:56:10 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/04/12 19:55:32 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/04/12 19:52:38 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/04/12 19:52:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/04/12 19:51:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll

========== Files - Modified Within 30 Days ==========

[2010/09/26 16:49:42 | 005,242,880 | -HS- | M] () -- C:\Users\paul\ntuser.dat
[2010/09/26 16:48:17 | 000,706,818 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/26 16:48:17 | 000,611,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/26 16:48:17 | 000,109,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/26 16:46:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000UA.job
[2010/09/26 16:44:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/26 16:43:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/26 16:42:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/26 16:42:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 16:42:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 16:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 16:39:18 | 000,524,288 | -HS- | M] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/26 16:39:18 | 000,065,536 | -HS- | M] () -- C:\Users\paul\ntuser.dat{72c52a62-8935-11df-bfeb-001e8c765f76}.TM.blf
[2010/09/26 16:27:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 16:16:58 | 065,291,793 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/26 16:14:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/09/25 22:30:19 | 003,272,581 | -H-- | M] () -- C:\Users\paul\AppData\Local\IconCache.db
[2010/09/25 22:14:53 | 415,872,735 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/25 21:50:57 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/25 21:16:55 | 000,002,039 | ---- | M] () -- C:\Users\paul\Desktop\Google Chrome.lnk
[2010/09/25 21:16:55 | 000,002,001 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/25 20:41:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2010/09/25 17:12:06 | 003,852,394 | R--- | M] () -- C:\Users\paul\Desktop\ComboFix.exe
[2010/09/22 20:46:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392193440-2477452000-396362505-1000Core.job
[2010/09/22 17:48:07 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010/09/22 17:12:10 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/09/22 14:11:33 | 000,031,186 | ---- | M] () -- C:\Users\paul\Documents\SAMSUNG GALAXY S.docx
[2010/09/18 13:15:16 | 000,211,119 | ---- | M] () -- C:\Users\paul\Desktop\img045.jpg
[2010/09/18 13:15:12 | 000,162,814 | ---- | M] () -- C:\Users\paul\Desktop\img046.jpg
[2010/09/18 13:15:04 | 000,178,431 | ---- | M] () -- C:\Users\paul\Desktop\img047.jpg
[2010/09/11 18:09:17 | 000,001,030 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\xGenSEO.Patched - Shortcut.lnk
[2010/09/11 17:48:40 | 001,386,747 | ---- | M] () -- C:\Users\paul\Desktop\xgenseohelp.pdf
[2010/09/11 16:57:42 | 000,001,744 | ---- | M] () -- C:\Users\paul\Desktop\EasyPHP 5.3.3.lnk
[2010/09/10 20:55:02 | 000,000,668 | ---- | M] () -- C:\Users\paul\AppData\Roaming\vso_ts_preview.xml
[2010/09/10 19:42:23 | 000,024,064 | ---- | M] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 19:13:09 | 000,071,146 | ---- | M] () -- C:\Users\paul\Desktop\graco niche.xlsx
[2010/09/10 18:32:20 | 000,000,860 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/09/10 18:32:20 | 000,000,836 | ---- | M] () -- C:\Users\paul\Desktop\Traffic Travis.lnk
[2010/09/09 17:12:47 | 000,171,525 | ---- | M] () -- C:\Users\paul\Desktop\7_Traffic_Methods_Report.pdf
[2010/09/09 16:44:11 | 002,930,072 | ---- | M] () -- C:\Users\paul\Desktop\Amazonian_Profit_Plan.pdf
[2010/09/08 17:28:21 | 001,820,188 | ---- | M] () -- C:\Users\paul\Desktop\niche_site_formula.pdf
[2010/09/08 16:28:52 | 000,000,804 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2010/09/06 20:00:57 | 001,178,659 | ---- | M] () -- C:\Users\paul\Desktop\InstantRankingFormula.pdf
[2010/09/06 19:57:37 | 000,859,665 | ---- | M] () -- C:\Users\paul\Desktop\RBLinkDatabase.pdf
[2010/09/03 22:39:34 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/09/03 22:39:12 | 000,000,873 | ---- | M] () -- C:\Users\paul\Desktop\ZoneAlarm Security.lnk
[2010/09/03 22:05:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 22:05:17 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 22:05:17 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
[2010/09/03 19:52:21 | 000,001,750 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/03 19:52:21 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 19:28:32 | 000,000,036 | ---- | M] () -- C:\Users\paul\AppData\Local\housecall.guid.cache
[2010/09/03 18:09:46 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/02 22:22:34 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 18:47:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/01 18:18:16 | 000,002,439 | ---- | M] () -- C:\Users\Public\Desktop\TwitterBlasterPro.lnk
[2010/08/31 22:12:25 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/31 22:12:25 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/31 22:12:23 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/31 22:12:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/31 22:12:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/31 22:12:15 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/31 21:15:18 | 000,000,931 | ---- | M] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo WinOptimizer 6.lnk
[2010/08/31 20:47:18 | 000,001,356 | ---- | M] () -- C:\Users\paul\AppData\Local\d3d9caps.dat
[2010/08/29 22:57:00 | 000,224,256 | ---- | M] () -- C:\Users\paul\Documents\manage panic attacks.msam
[2010/08/29 18:22:04 | 000,153,600 | ---- | M] () -- C:\Users\paul\Documents\rabbit forum.msam
[2010/08/29 17:40:38 | 000,184,076 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/29 17:16:21 | 000,000,287 | ---- | M] () -- C:\Users\paul\Documents\hb2-setings.json
[2010/08/27 17:33:44 | 000,008,229 | ---- | M] () -- C:\Users\paul\Desktop\index_body.html

========== Files Created - No Company Name ==========

[2010/09/25 17:16:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/25 17:16:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/25 17:16:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/25 17:16:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/25 17:16:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/25 17:11:57 | 003,852,394 | R--- | C] () -- C:\Users\paul\Desktop\ComboFix.exe
[2010/09/22 19:26:49 | 000,293,376 | ---- | C] () -- C:\Users\paul\Desktop\gmer.exe
[2010/09/22 19:10:55 | 415,872,735 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/22 17:48:07 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010/09/22 13:55:47 | 000,031,186 | ---- | C] () -- C:\Users\paul\Documents\SAMSUNG GALAXY S.docx
[2010/09/18 13:12:37 | 000,178,431 | ---- | C] () -- C:\Users\paul\Desktop\img047.jpg
[2010/09/18 13:12:22 | 000,162,814 | ---- | C] () -- C:\Users\paul\Desktop\img046.jpg
[2010/09/18 13:12:08 | 000,211,119 | ---- | C] () -- C:\Users\paul\Desktop\img045.jpg
[2010/09/11 18:09:17 | 000,001,030 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\xGenSEO.Patched - Shortcut.lnk
[2010/09/11 17:48:40 | 001,386,747 | ---- | C] () -- C:\Users\paul\Desktop\xgenseohelp.pdf
[2010/09/11 16:57:42 | 000,001,744 | ---- | C] () -- C:\Users\paul\Desktop\EasyPHP 5.3.3.lnk
[2010/09/10 18:42:45 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/09/10 18:42:36 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/09/10 18:42:36 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/09/10 18:42:30 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/09/09 17:12:47 | 000,171,525 | ---- | C] () -- C:\Users\paul\Desktop\7_Traffic_Methods_Report.pdf
[2010/09/09 16:44:10 | 002,930,072 | ---- | C] () -- C:\Users\paul\Desktop\Amazonian_Profit_Plan.pdf
[2010/09/08 21:34:25 | 000,071,146 | ---- | C] () -- C:\Users\paul\Desktop\graco niche.xlsx
[2010/09/08 17:28:20 | 001,820,188 | ---- | C] () -- C:\Users\paul\Desktop\niche_site_formula.pdf
[2010/09/06 20:00:57 | 001,178,659 | ---- | C] () -- C:\Users\paul\Desktop\InstantRankingFormula.pdf
[2010/09/06 19:57:37 | 000,859,665 | ---- | C] () -- C:\Users\paul\Desktop\RBLinkDatabase.pdf
[2010/09/04 17:05:30 | 000,000,860 | ---- | C] () -- C:\Users\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/09/04 17:05:30 | 000,000,836 | ---- | C] () -- C:\Users\paul\Desktop\Traffic Travis.lnk
[2010/09/04 14:32:52 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/03 22:39:12 | 000,000,873 | ---- | C] () -- C:\Users\paul\Desktop\ZoneAlarm Security.lnk
[2010/09/03 22:23:38 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/09/03 22:05:04 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 22:05:04 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 22:05:04 | 000,065,536 | -HS- | C] () -- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
[2010/09/03 19:52:21 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 19:28:32 | 000,000,036 | ---- | C] () -- C:\Users\paul\AppData\Local\housecall.guid.cache
[2010/09/03 18:09:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/02 22:22:34 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/31 22:12:25 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/31 22:12:15 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/31 22:12:14 | 065,291,793 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/29 22:47:35 | 000,224,256 | ---- | C] () -- C:\Users\paul\Documents\manage panic attacks.msam
[2010/08/29 18:23:11 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\TwitterBlasterPro.lnk
[2010/08/29 17:40:38 | 000,184,076 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/08/29 17:40:30 | 000,153,600 | ---- | C] () -- C:\Users\paul\Documents\rabbit forum.msam
[2010/08/29 17:16:21 | 000,000,287 | ---- | C] () -- C:\Users\paul\Documents\hb2-setings.json
[2010/08/27 17:33:44 | 000,008,229 | ---- | C] () -- C:\Users\paul\Desktop\index_body.html
[2010/07/26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010/07/26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010/07/26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010/07/26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/07/06 19:43:23 | 000,000,092 | ---- | C] () -- C:\Users\paul\AppData\Local\fusioncache.dat
[2010/04/01 20:11:01 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/01/01 11:30:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/29 10:13:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/19 12:47:09 | 000,478,208 | ---- | C] () -- C:\Users\paul\AppData\Roaming\TweetAdder
[2009/09/26 10:36:07 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2009/09/26 10:36:07 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2009/09/26 10:36:07 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2009/09/26 10:36:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2009/09/26 09:42:16 | 000,004,096 | -H-- | C] () -- C:\Users\paul\AppData\Local\keyfile3.drm
[2009/08/25 13:09:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/08/25 13:09:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/07/04 16:12:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/04 16:05:41 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2009/04/08 22:59:51 | 000,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/01 08:42:03 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2008/09/01 08:42:03 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2008/09/01 08:42:03 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2008/09/01 08:42:02 | 000,212,992 | R--- | C] () -- C:\Windows\System32\SGSchemeConfig.dll
[2008/09/01 08:42:02 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2008/09/01 08:42:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2008/08/24 10:32:52 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/24 10:32:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/08/24 10:30:39 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/08/24 10:30:39 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/08/24 10:24:31 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/08/24 10:24:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/08/24 10:21:34 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/07/26 10:59:58 | 000,000,105 | ---- | C] () -- C:\ProgramData\lxdi
[2008/07/25 07:43:37 | 000,000,064 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/07/25 07:43:34 | 000,031,654 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/07/25 07:43:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/07/23 20:58:55 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/07/23 20:58:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/07/23 20:58:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/07/23 20:58:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/07/13 17:35:17 | 000,000,986 | ---- | C] () -- C:\Users\paul\AppData\Local\7F68A003.il
[2008/07/13 17:35:17 | 000,000,280 | ---- | C] () -- C:\Users\paul\AppData\Local\IndexIE_7F68A003.il
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/05/29 13:16:14 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2008/05/29 13:16:10 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2008/05/29 13:16:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2008/05/29 13:16:04 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2008/05/29 13:16:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2008/05/29 13:15:04 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2008/05/18 17:49:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/05/18 17:49:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/05/18 17:49:26 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/05/18 17:49:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/04/09 23:34:55 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/04/03 22:19:10 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/04/03 22:15:44 | 000,000,668 | ---- | C] () -- C:\Users\paul\AppData\Roaming\vso_ts_preview.xml
[2008/04/03 22:14:11 | 000,000,034 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.log
[2008/04/03 22:13:55 | 000,007,887 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.cat
[2008/04/03 22:13:55 | 000,001,144 | ---- | C] () -- C:\Users\paul\AppData\Roaming\pcouffin.inf
[2008/04/03 00:38:50 | 000,000,024 | ---- | C] () -- C:\Users\paul\AppData\Local\SkyNewsGadget.log
[2008/03/31 20:07:10 | 000,024,064 | ---- | C] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/31 19:53:37 | 000,001,356 | ---- | C] () -- C:\Users\paul\AppData\Local\d3d9caps.dat
[2008/02/28 15:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2008/02/02 21:39:56 | 003,114,496 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/02/02 21:39:56 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/02 21:39:56 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2008/02/02 21:39:56 | 000,523,776 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/02/02 21:39:56 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/02/02 21:39:56 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/02/02 21:39:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/02/02 21:39:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/02/02 21:39:56 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/02/02 21:39:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/02/02 21:39:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/02/02 21:39:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/02/02 21:39:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/02/02 21:39:56 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2008/02/02 21:39:56 | 000,081,408 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/02/02 21:39:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/02/02 21:39:56 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/02/02 21:39:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/02/02 21:39:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\FLT_ffdshow.dll
[2008/02/02 21:39:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/01/09 00:40:27 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/09 00:36:11 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/01/09 00:35:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/01/09 00:23:39 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/01/09 00:23:39 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/12/29 01:04:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2007/12/29 01:04:00 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2007/12/29 01:03:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2007/12/29 01:03:48 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2007/12/29 01:03:48 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2007/12/29 01:03:46 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2007/12/29 01:03:46 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2007/12/29 01:03:40 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2007/12/29 01:03:38 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2007/12/29 01:03:34 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2007/12/29 01:03:34 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007/12/11 23:34:56 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/11 23:33:14 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/12/11 23:33:14 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/06/28 19:54:10 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/19 11:29:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Sage.Accounts.InstallHelper.dll
[2007/04/26 08:20:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/03/30 16:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 07:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2005/03/26 16:01:34 | 000,049,152 | ---- | C] () -- C:\Windows\System32\rtjpg.dll
[2005/03/26 16:01:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\DSMyth.dll
[2005/03/26 16:01:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\MythSource.dll
[2005/02/14 15:27:30 | 001,069,056 | ---- | C] () -- C:\Windows\System32\libmySQL.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\paul\Desktop\Bunny Forum.mp3:TOC.WMV
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
< End of report >

Attached Files


  • 0
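An added example, not part of the thread or of OTL itself: a small Python parser for the two OTL line formats shown in the report above (the file listing lines and the "@Alternate Data Stream" lines), plus a triage pass that picks out recently created files with hidden or system attributes and every ADS entry, which are the lines a helper reads first. The scan date (2010/09/25) and the 30-day window are assumptions; the sample lines are copied from the report.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
# OTL file line: [timestamp | size | attrs (R,H,S,D or -) | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$")
# OTL ADS line: @Alternate Data Stream - <n> bytes -> <host path>:<stream name>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
SCAN_DATE = datetime(2010, 9, 25)  # assumed: the day the report above was produced
@dataclass
class FileEntry:
    when: datetime
    size: int
    attrs: str
    path: str
@dataclass
class AdsEntry:
    size: int
    host: str    # file or directory that carries the stream
    stream: str  # stream name after the last colon

def parse_line(line):
    """Return a FileEntry, an AdsEntry, or None for any other kind of line."""
    m = FILE_RE.match(line.strip())
    if m:
        return FileEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                         int(m["size"].replace(",", "")), m["attrs"], m["path"])
    m = ADS_RE.match(line.strip())
    if m:
        host, _, stream = m["target"].rpartition(":")  # the drive colon is never last
        return AdsEntry(int(m["size"]), host, stream)
    return None

def triage(lines, scan_date=SCAN_DATE, window_days=30):
    """Entries a helper reads first: files created inside the window with hidden or
    system attributes, and every ADS (a stream can hide a payload behind a benign host)."""
    cutoff = scan_date - timedelta(days=window_days)
    flagged = []
    for entry in map(parse_line, lines):
        if isinstance(entry, FileEntry):
            if entry.when >= cutoff and ("H" in entry.attrs or "S" in entry.attrs):
                flagged.append((entry.path, "recent, attributes " + entry.attrs))
        elif isinstance(entry, AdsEntry):
            flagged.append((entry.host + ":" + entry.stream, f"ADS, {entry.size} bytes"))
    return flagged

# Sample input: five lines copied from the report above.
SAMPLE = [
    r"[2010/09/25 17:16:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2010/09/03 18:09:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
    r"[2008/04/03 22:19:10 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib",
    r"@Alternate Data Stream - 64 bytes -> C:\Users\paul\Desktop\Bunny Forum.mp3:TOC.WMV",
    r"@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2",
]
```

Running `triage(SAMPLE)` flags the recent RHS- file and both streams, while the unflagged 2008 entry and the plain MBR.exe line drop out.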

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Seems to be running faster, but I still had 4 re-directs on internet - pointing mainly to monster.co.uk and a couple of blog sites - even the MWB download pointed me from the MWB official site to Download.com

The MBAM link is from download.com as it saves bandwidth for the main MBAM servers

Do the redirects occur in FF or IE?

So far what have you seen in terms of infection, what baddies have you found?

Well, as you already know, there was a password stealer; this was a TDSS variant (two of those) plus some sundry trojan downloaders and redirect malware.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}: C:\Users\paul\AppData\Local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} [2010/09/02 21:38:29 | 000,000,000 | ---D | M]
    [2010/09/03 20:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/09/03 20:17:14 | 000,000,000 | ---D | M] (KeywordSpy™ SEO/PPC) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
    [2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
    [2010/09/03 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\v03y8lsw.default\extensions\[email protected]
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
    O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#13
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Redirects happened in Chrome and FF - haven't used IE since Chrome came out, really, due to its "faster" UI.

Will post back in a bit when the scans have run.

Thanks
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you have Vista, you may want to look at IE9 :D
  • 0

#15
Delboy24

Delboy24

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Latest report:

Attached Files


  • 0
