System Tool malware - removed?



#1
chrisg6152

Hi and thank you in advance for looking at my problem.

I have recently been infected with the System Tool malware program, and thanks to your Malware Removal Guide I have managed to remove it from my PC, using rkill and MBAM (or at least I hope I have!).

Even though System Tool has apparently been removed, could I ask you to cast your expert eye over the OTL Log and OTL Extra Log that I ran on completion, just to ensure that my system is 'clean'?

OTL logfile created on: 11/02/2011 21:55:33 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 19.07 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive F: | 959.97 Mb Total Space | 528.50 Mb Free Space | 55.05% Space Free | Partition Type: FAT
Drive G: | 465.76 Gb Total Space | 406.15 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/11 20:56:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/08/19 12:06:42 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 15:31:55 | 001,097,216 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 14:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2006/02/16 10:56:04 | 000,040,960 | ---- | M] () -- C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe
PRC - [2005/09/03 15:18:30 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/12/01 09:07:20 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
PRC - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/11 20:56:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/19 12:06:42 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 20:52:02 | 001,263,728 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe -- (DfSdkS)
SRV - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/27 15:31:55 | 001,097,216 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/17 18:06:25 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/01/26 14:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 14:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 14:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2004/12/01 09:07:20 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/05/23 17:40:03 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/02/04 15:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/15 23:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 01:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/27 15:31:54 | 000,138,752 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007/11/06 16:24:31 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/09/28 17:33:08 | 000,040,960 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2006/09/12 19:07:36 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/08 18:55:50 | 000,005,632 | ---- | M] (Motorola INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/12 21:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
DRV - [2006/01/12 21:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/01/12 21:26:10 | 000,013,312 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/06 03:06:32 | 000,028,704 | R--- | M] (USB World) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2008/03/07 15:16:49 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{6ef4f2a1-80cc-11dc-8e2c-001676a44b53}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{c79e6c44-d33b-11dd-beb1-001676a44b53}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/02/05 14:06:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 21:40:23 | 105,939,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/11 21:33:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/11 21:33:14 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/11 21:32:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/11 21:31:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 21:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/11 21:30:57 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 20:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/10 11:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 22:11:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/02/05 14:35:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/04 17:46:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/27 10:31:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 10:59:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/20 18:41:25 | 000,137,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/01/19 20:37:26 | 000,040,189 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/11 20:02:06 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/09 22:05:21 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/24 10:59:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/19 20:37:26 | 000,040,189 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 18:59:06 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2010/12/31 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/12/31 10:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/27 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Aktaim
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2010/12/20 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/07/28 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/12/15 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PriceGong
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/09/06 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uqocb
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/01/27 18:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ymmiqi
[2011/02/10 20:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >

OTL logfile created on: 11/02/2011 21:55:33 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 19.07 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive F: | 959.97 Mb Total Space | 528.50 Mb Free Space | 55.05% Space Free | Partition Type: FAT
Drive G: | 465.76 Gb Total Space | 406.15 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/11 20:56:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/08/19 12:06:42 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 15:31:55 | 001,097,216 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 14:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2006/02/16 10:56:04 | 000,040,960 | ---- | M] () -- C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe
PRC - [2005/09/03 15:18:30 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/12/01 09:07:20 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
PRC - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/11 20:56:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/19 12:06:42 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 20:52:02 | 001,263,728 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe -- (DfSdkS)
SRV - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/27 15:31:55 | 001,097,216 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/17 18:06:25 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/01/26 14:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 14:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 14:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2004/12/01 09:07:20 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/05/23 17:40:03 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/02/04 15:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/15 23:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 01:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/27 15:31:54 | 000,138,752 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007/11/06 16:24:31 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/09/28 17:33:08 | 000,040,960 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2006/09/12 19:07:36 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/08 18:55:50 | 000,005,632 | ---- | M] (Motorola INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/12 21:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
DRV - [2006/01/12 21:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/01/12 21:26:10 | 000,013,312 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/06 03:06:32 | 000,028,704 | R--- | M] (USB World) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2008/03/07 15:16:49 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{6ef4f2a1-80cc-11dc-8e2c-001676a44b53}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{c79e6c44-d33b-11dd-beb1-001676a44b53}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/02/05 14:06:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 21:40:23 | 105,939,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/11 21:33:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/11 21:33:14 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/11 21:32:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/11 21:31:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 21:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/11 21:30:57 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 20:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/10 11:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 22:11:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/02/05 14:35:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/04 17:46:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/27 10:31:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 10:59:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/20 18:41:25 | 000,137,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/01/19 20:37:26 | 000,040,189 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/11 20:02:06 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/09 22:05:21 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/24 10:59:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/19 20:37:26 | 000,040,189 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 18:59:06 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2010/12/31 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/12/31 10:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/27 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Aktaim
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2010/12/20 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/07/28 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/12/15 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PriceGong
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/09/06 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uqocb
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/01/27 18:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ymmiqi
[2011/02/10 20:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >



#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi chrisg6152,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

+++++++++++++++++++++++++++++++++++++++++++

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which will allow you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.

+++++++++++++++++++++++++++++++++++++++++++

Logs are a bit stale. We need a fresh scan.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Next

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#3
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Hi Salagubang and thanks for taking the time to help me out.

Varying degrees of success I'm afraid.

I ran the OTL scan as directed, but on completion there was only one txt file produced. I shall copy it to the end of this post. No Extras text file could be found.

The GMER scan was a disaster!! Every time I tried to run it, it would attempt to start, the screen would go black momentarily and then I would get a Blue Screen Of Death. (One of the top lines of text mentioned BAD_POOL-HEADER. Not sure if this is relevant.)

I tried (several times) to run it in safe mode, but it would start to scan and then freeze; consequently I have been unable to complete the GMER part.

OTL log is as follows (and thanks again for looking)

OTL logfile created on: 18/02/2011 15:20:33 - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 331.00 Mb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 19.30 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 405.15 Gb Free Space | 86.99% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe (mst software GmbH, Germany)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola INC.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys (USB World)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2008/03/07 15:16:49 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006..\RunOnce: [Shockwave Updater] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1361399352-1319122780-3995940716-1006\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ef4f2a1-80cc-11dc-8e2c-001676a44b53}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{c79e6c44-d33b-11dd-beb1-001676a44b53}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux1 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: aux2 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: midi1 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: midi2 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: mixer1 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: mixer2 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: wave1 - C:\WINDOWS\System32\c_206453.nls ()
Drivers32: wave2 - C:\WINDOWS\System32\c_206453.nls ()

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: AOL Spyware Protection - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AOLDialer - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA5ED9D8-E49F-74FF-5203-59B913335DBF} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/13 17:19:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/02/13 16:53:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/12 13:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sugoyp
[2011/02/12 13:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Efalf
[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/18 15:09:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/18 15:06:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/18 15:06:40 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/18 15:05:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 13:35:41 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.exe
[2011/02/18 13:32:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 13:08:55 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/18 13:02:53 | 106,441,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/17 11:25:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/13 17:19:40 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/13 16:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/02/05 14:35:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/04 17:46:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/27 10:31:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/24 10:59:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/20 18:41:25 | 000,137,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/01/19 20:37:26 | 000,040,189 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/18 13:08:55 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/13 17:19:38 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/24 10:59:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
[2011/01/19 20:37:26 | 000,040,189 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\invite4.jpg
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 18:59:06 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2008/02/25 18:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2010/12/31 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/12/31 10:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/22 14:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Alien Skin
[2008/02/25 07:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Grisoft
[2007/12/15 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\IMVU
[2007/08/31 17:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Leadertech
[2006/11/19 16:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\MSNInstaller
[2007/09/28 15:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Opera
[2007/08/18 20:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Screenshot Sender
[2009/12/23 15:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Spyware Terminator
[2006/09/18 15:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chloe\Application Data\Template
[2011/01/27 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Aktaim
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2010/12/20 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/07/28 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2011/02/13 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Efalf
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/12/15 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PriceGong
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2011/02/13 10:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sugoyp
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/09/06 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uqocb
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/01/27 18:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ymmiqi
[2010/08/26 09:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clair\Application Data\Spyware Terminator
[2006/09/17 12:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clair\Application Data\Template
[2007/03/13 20:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
[2008/03/04 18:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Grisoft
[2009/03/02 18:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\SEGA
[2010/08/27 14:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Spyware Terminator
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Please follow my instructions below.

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/12 13:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sugoyp
    [2011/02/12 13:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Efalf
    [2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
    [2011/01/24 10:59:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Ÿ;Ÿ;
    [2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Three

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
On the first tab, select all elements down to Computer and then select start scan.
Once it has finished, select report and post that.

Do not close AVPTool or it will self-uninstall. If it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


#5
chrisg6152

    Member

  • Topic Starter
  • Member
  • 102 posts
Hi Salagubang, thanks for the prompt response to my last post.

More successful this time! All the steps ran ok - here are the logs/folders as requested

OTL Log after fix

All processes killed
========== OTL ==========
C:\Documents and Settings\Chris\Application Data\Sugoyp folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Efalf folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\dLlLaJi06511\ not found.
C:\Documents and Settings\Chris\Ÿ;Ÿ; moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\dLlLaJi06511\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Chloe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1296 bytes

User: Chris
->Temp folder emptied: 27302344 bytes
->Temporary Internet Files folder emptied: 4196205 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 110795 bytes

User: Clair
->Temp folder emptied: 1881740 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: Max
->Temp folder emptied: 34675126 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 16075 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 579642 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 398411 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 74813144 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2404910 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Chloe
->Flash cache emptied: 0 bytes

User: Chris
->Flash cache emptied: 0 bytes

User: Clair
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: Max
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.20.6 log created on 02192011_091010

Files\Folders moved on Reboot...
C:\Documents and Settings\Chris\Local Settings\Temp\~DF1249.tmp moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\XFF8TWLI\ads[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\7426LGXE\ads[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\1VUN6LKY\page__pid__1967567[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT07f30.TMP not found!

Registry entries deleted on Reboot...


OTL Quick Scan Log

OTL logfile created on: 19/02/2011 09:25:54 - Run 6
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 53.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 18.81 Gb Free Space | 35.69% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 405.15 Gb Free Space | 86.99% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe (mst software GmbH, Germany)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola INC.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys (USB World)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/02/19 09:10:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ef4f2a1-80cc-11dc-8e2c-001676a44b53}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{c79e6c44-d33b-11dd-beb1-001676a44b53}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/19 09:10:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/13 17:19:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/02/13 16:53:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/02/19 09:20:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/19 09:20:54 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/19 09:17:27 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/19 09:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/19 09:15:15 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/19 09:10:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/19 08:40:00 | 106,461,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/19 08:32:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 13:35:41 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.exe
[2011/02/18 13:08:55 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/17 11:25:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/13 17:19:40 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/13 16:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/02/05 14:35:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/04 17:46:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2011/01/27 10:31:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/20 18:41:25 | 000,137,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2011/02/18 15:38:44 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/18 13:08:55 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/13 17:19:38 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 18:59:06 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2010/12/31 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/12/31 10:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/27 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Aktaim
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2010/12/20 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/07/28 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/12/15 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PriceGong
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/09/06 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uqocb
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/01/27 18:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ymmiqi
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >


TDSS Killer Log

2011/02/19 09:36:43.0453 4020 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 09:36:45.0453 4020 ================================================================================
2011/02/19 09:36:45.0453 4020 SystemInfo:
2011/02/19 09:36:45.0453 4020
2011/02/19 09:36:45.0453 4020 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/19 09:36:45.0453 4020 Product type: Workstation
2011/02/19 09:36:45.0453 4020 ComputerName: MAINCOMPUTER
2011/02/19 09:36:45.0453 4020 UserName: Chris
2011/02/19 09:36:45.0453 4020 Windows directory: C:\WINDOWS
2011/02/19 09:36:45.0453 4020 System windows directory: C:\WINDOWS
2011/02/19 09:36:45.0453 4020 Processor architecture: Intel x86
2011/02/19 09:36:45.0453 4020 Number of processors: 2
2011/02/19 09:36:45.0453 4020 Page size: 0x1000
2011/02/19 09:36:45.0453 4020 Boot type: Normal boot
2011/02/19 09:36:45.0453 4020 ================================================================================
2011/02/19 09:36:47.0000 4020 Initialize success
2011/02/19 09:36:55.0687 4052 ================================================================================
2011/02/19 09:36:55.0687 4052 Scan started
2011/02/19 09:36:55.0687 4052 Mode: Manual;
2011/02/19 09:36:55.0687 4052 ================================================================================
2011/02/19 09:37:14.0828 4052 ================================================================================
2011/02/19 09:37:14.0828 4052 Scan finished
2011/02/19 09:37:14.0828 4052 ================================================================================

Report run after Virus Scan

Autoscan: completed 3 minutes ago (events: 4, objects: 334342, time: 02:40:39)
19/02/2011 09:51:58 Task started
19/02/2011 11:33:07 Detected: Packed.Win32.Krap.hc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP386\A0042264.exe
19/02/2011 12:00:59 Deleted: Packed.Win32.Krap.hc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP386\A0042264.exe
19/02/2011 12:33:07 Task completed

and the System Information zip file is attached.

And again - very many thanks for your time.

Chris G

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

We need to temporarily remove your Anti-Virus, as it will interfere with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is collected and click Next >>


AppRemover will scan all the security applications on your PC

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/01/27 18:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ymmiqi
    [2010/09/06 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uqocb
    [2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
    [2011/01/27 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Aktaim
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Hi,

Varying degrees of success again! The OTL Fix ran OK - Quick Scan log is attached.

The ComboFix part didn't run smoothly. It would run but I kept getting a blue screen of death (again). I eventually got it to run in Safe Mode, but when it came to the 'generating report' window, the PC would crash. I have had a look on my C drive and there is a ComboFix.txt document - hopefully it is the right one!

Many thanks.

OTL logfile created on: 20/02/2011 14:01:39 - Run 7
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 19.30 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 405.15 Gb Free Space | 86.99% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe (mst software GmbH, Germany)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (utc1oty2) -- C:\WINDOWS\system32\drivers\utc1oty2.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola INC.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys (USB World)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/02/20 13:58:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ef4f2a1-80cc-11dc-8e2c-001676a44b53}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{c79e6c44-d33b-11dd-beb1-001676a44b53}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/19 09:41:07 | 093,046,312 | ---- | C] ( ) -- C:\Documents and Settings\Chris\Desktop\setup_9.0.0.722_19.02.2011_12-12.exe
[2011/02/19 09:10:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/13 17:19:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/02/13 16:53:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\TDSSKiller.exe
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/02/20 14:01:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 14:01:20 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/20 13:59:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 13:59:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/20 13:59:05 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 13:58:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/20 13:32:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 17:59:29 | 000,385,223 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Geeks 190211.docx
[2011/02/19 17:50:29 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/19 14:41:20 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\DVDVideoSoft Free Studio.lnk
[2011/02/19 14:39:56 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/19 14:35:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/19 12:39:52 | 000,016,401 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avptool_sysinfo.zip
[2011/02/19 12:37:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utc1oty2.sys
[2011/02/19 12:00:16 | 000,000,206 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_19.02.2011_12-12drv.spi
[2011/02/19 11:25:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/19 09:41:36 | 093,046,312 | ---- | M] ( ) -- C:\Documents and Settings\Chris\Desktop\setup_9.0.0.722_19.02.2011_12-12.exe
[2011/02/19 09:36:02 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\TDSSKiller.exe
[2011/02/19 09:35:15 | 001,246,857 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2011/02/18 13:35:41 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.exe
[2011/02/18 13:08:55 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/13 17:19:40 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/13 16:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv

========== Files Created - No Company Name ==========

[2011/02/19 17:59:28 | 000,385,223 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Geeks 190211.docx
[2011/02/19 14:39:56 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/19 12:43:28 | 000,016,401 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avptool_sysinfo.zip
[2011/02/19 12:37:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utc1oty2.sys
[2011/02/19 12:00:16 | 000,000,206 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_19.02.2011_12-12drv.spi
[2011/02/19 09:35:15 | 001,246,857 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2011/02/18 15:38:44 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/18 13:08:55 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/13 17:19:38 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 18:59:06 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2011/02/19 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/12/15 17:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PriceGong
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/02/17 20:52:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >


ComboFix 11-02-19.02 - Chris 20/02/2011 15:11:54.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.326 [GMT 0:00]
Running from: C:\Documents and Settings\Chris\My Documents\Downloads\Geeks stuff Feb 2011\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chris\Application Data\PriceGong
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\1.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\a.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\b.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\c.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\d.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\e.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\f.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\g.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\h.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\i.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\J.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\k.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\l.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\m.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\mru.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\n.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\o.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\p.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\q.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\r.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\s.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\t.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\u.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\v.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\w.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\x.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\y.xml
C:\Documents and Settings\Chris\Application Data\PriceGong\Data\z.xml
C:\WINDOWS\7aed8f9b-7a59-4abd-bdbe-973bf97bf59a.ocx
C:\WINDOWS\system32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll

-- Previous Run --

Infected copy of C:\WINDOWS\system32\imm32.dll was found and disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\imm32.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-19 12:37:03 . 2011-02-19 12:37:11 7168 ----a-w- C:\WINDOWS\system32\drivers\utc1oty2.sys
2011-02-19 09:10:10 . 2011-02-19 09:10:10 -------- d-----w- C:\_OTL
2011-02-18 13:08:51 . 2011-02-18 13:08:59 -------- d-----w- C:\Program Files\ERUNT
2011-02-11 15:22:55 . 2011-02-11 15:22:55 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-02-10 20:37:22 . 2011-02-11 21:30:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
2011-02-05 17:51:38 . 2011-02-05 17:52:11 128971082 ----a-w- C:\SYM_REGISTRY_BACKUP.reg
2011-01-27 18:47:09 . 2011-01-27 18:47:09 -------- d-----w- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2011-01-27 18:46:59 . 2011-01-27 18:46:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-27 18:46:59 . 2010-12-20 18:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-27 18:46:54 . 2011-02-11 20:38:11 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-27 18:46:54 . 2010-12-20 18:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44:37 . 2004-08-10 11:51:22 439296 ----a-w- C:\WINDOWS\system32\shimgvw.dll
2011-01-07 14:09:02 . 2004-08-10 11:50:54 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-12-31 13:10:33 . 2004-08-10 11:51:28 1854976 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-12-22 12:34:28 . 2004-08-10 11:51:10 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll
2010-12-20 23:59:20 . 2004-08-10 11:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-12-20 23:59:19 . 2004-08-10 11:51:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2010-12-20 23:59:19 . 2004-08-10 11:51:09 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2010-12-20 17:26:00 . 2004-08-10 11:51:11 730112 ----a-w- C:\WINDOWS\system32\lsasrv.dll
2010-12-20 12:55:26 . 2004-08-10 11:51:09 385024 ----a-w- C:\WINDOWS\system32\html.iec
2010-12-09 15:15:09 . 2004-08-10 11:51:16 718336 ----a-w- C:\WINDOWS\system32\ntdll.dll
2010-12-09 14:30:22 . 2004-08-10 11:50:56 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2010-12-09 13:42:26 . 2004-08-10 11:51:17 2148864 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-12-09 13:07:07 . 2004-08-03 21:59:00 2027008 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18:30 94208]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47:30 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49:46 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46:34 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50:30 114688]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44:02 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44:02 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20:00 122940]
"SpamAwareOELauncher"="C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe" [2006-02-16 10:56:04 40960]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-27 15:31:54 2957824]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31:16 80896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 23:10:22 981384]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-04-28 14:06:30 142120]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-03-17 20:53:36 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_206453.nls
"aux1"=c_206453.nls
"mixer1"=c_206453.nls
"midi1"=c_206453.nls
"wave2"=c_206453.nls
"mixer2"=c_206453.nls
"midi2"=c_206453.nls
"aux2"=c_206453.nls

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54:26 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12:00 94208 ----a-w- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [18/03/2010 20:52:39 64288]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [05/09/2007 15:34:07 138752]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [23/05/2010 17:18:26 233472]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 21:27:16 13696]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\drivers\wsp_pkt.sys [12/01/2006 21:29:38 13568]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [25/02/2009 07:45:35 598856]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [23/05/2010 17:18:26 36608]
S2 gupdate1c98a2eeb3d5044;Google Update Service (gupdate1c98a2eeb3d5044);C:\Program Files\Google\Update\GoogleUpdate.exe [08/02/2009 20:50:45 133104]
S3 DfSdkS;Defragmentation-Service;C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\DfSdkS.exe [21/11/2009 18:09:15 406016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52:57 1263728]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\2B.tmp --> C:\WINDOWS\system32\2B.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 09:25:22 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37:50 4640000]
S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\drivers\SDTHOOK.SYS [20/02/2008 20:18:48 44928]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [23/05/2010 17:18:46 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [23/05/2010 17:18:46 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [23/05/2010 17:18:46 121856]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\drivers\usb2vcom.sys [29/08/2007 14:53:35 28704]
S3 utc1oty2;AVZ Kernel Driver;C:\WINDOWS\system32\drivers\utc1oty2.sys [19/02/2011 12:37:03 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52:58 . 2010-03-18 20:52:05]

2011-02-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-21 21:23:27 . 2008-07-30 11:34:12]

2011-02-19 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 17:32:31 . 2009-03-28 12:44:51]

2011-02-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-08 20:50:45 . 2009-02-08 20:50:41]

2011-02-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-08 20:50:45 . 2009-02-08 20:50:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: learndirect-skills.co.uk\www
Trusted Zone: learndirect.co.uk\courses
Trusted Zone: learndirect.co.uk\www.laser
Trusted Zone: tiscali.co.uk\www
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-LegoChessDeInstKey - C:\Program Files\LEGO Media\Games\LEGO Chess\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 15:27:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Run combofix again and see if it finishes.

Step One

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step Two

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#9
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Hi Salagubang

Combofix ran successfully this time. Here is the log it produced.

ComboFix 11-02-19.02 - Chris 21/02/2011 9:02.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.322 [GMT 0:00]
Running from: c:\documents and settings\Chris\My Documents\Downloads\Geeks stuff Feb 2011\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Chris\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Chris\Application Data\PriceGong\Data\z.xml
c:\windows\7aed8f9b-7a59-4abd-bdbe-973bf97bf59a.ocx
c:\windows\system32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll

-- Previous Run --

Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
.

2011-02-19 12:37 . 2011-02-19 12:37 7168 ----a-w- c:\windows\system32\drivers\utc1oty2.sys
2011-02-19 09:10 . 2011-02-19 09:10 -------- d-----w- C:\_OTL
2011-02-18 13:08 . 2011-02-18 13:08 -------- d-----w- c:\program files\ERUNT
2011-02-11 15:22 . 2011-02-11 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-10 20:37 . 2011-02-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\dLlLaJi06511
2011-02-05 17:51 . 2011-02-05 17:52 128971082 ----a-w- C:\SYM_REGISTRY_BACKUP.reg
2011-01-27 18:47 . 2011-01-27 18:47 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2011-01-27 18:46 . 2011-01-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-27 18:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 18:46 . 2011-02-11 20:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-27 18:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-10 11:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 11:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 11:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 11:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-10 11:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 11:51 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-10 11:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-10 11:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 21:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SpamAwareOELauncher"="c:\program files\JAM Software\SpamAware\SpamAwareOELauncher.exe" [2006-02-16 40960]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-27 2957824]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NPSStartup"="" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
openURL.vbs [2011-2-21 131]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_206453.nls
"aux1"=c_206453.nls
"mixer1"=c_206453.nls
"midi1"=c_206453.nls
"wave2"=c_206453.nls
"mixer2"=c_206453.nls
"midi2"=c_206453.nls
"aux2"=c_206453.nls

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/03/2010 20:52 64288]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [05/09/2007 15:34 138752]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [23/05/2010 17:18 233472]
S2 gupdate1c98a2eeb3d5044;Google Update Service (gupdate1c98a2eeb3d5044);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 20:50 133104]
S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 21:27 13696]
S2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 21:29 13568]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [25/02/2009 07:45 598856]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010\DfSdkS.exe [21/11/2009 18:09 406016]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [23/05/2010 17:18 36608]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1263728]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2B.tmp --> c:\windows\system32\2B.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 09:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [20/02/2008 20:18 44928]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [23/05/2010 17:18 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [23/05/2010 17:18 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [23/05/2010 17:18 121856]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [29/08/2007 14:53 28704]
S3 utc1oty2;AVZ Kernel Driver;c:\windows\system32\drivers\utc1oty2.sys [19/02/2011 12:37 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:52]

2011-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-21 11:34]

2011-02-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 12:44]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 20:50]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 20:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Chris\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: learndirect-skills.co.uk\www
Trusted Zone: learndirect.co.uk\courses
Trusted Zone: learndirect.co.uk\www.laser
Trusted Zone: tiscali.co.uk\www
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 09:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
.
Completion time: 2011-02-21 09:16:58
ComboFix-quarantined-files.txt 2011-02-21 09:16

Pre-Run: 20,697,288,704 bytes free
Post-Run: 20,719,124,480 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0571ABD4B3D87B188809BFFB1824562B


MBAM ran OK - nothing was picked up, here is the log that was produced.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5828

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/02/2011 11:53:54
mbam-log-2011-02-21 (11-53-54).txt

Scan type: Quick scan
Objects scanned: 203682
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Now to the Dr.WebCureIt - WOW! It took what seemed like an eternity to complete its scan - nearly 9 hours!! The results log is below.

acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK;Trojan.MulDrop2.3621;Incurable.Moved.;
DSBrws.exe;C:\Program Files\Dell Support;Trojan.Click1.24896;Incurable.Moved.;
main.js;C:\Program Files\Messenger Plus! Live\Scripts\Now Playing;Probably SCRIPT.Virus;Incurable.Moved.;
pv.exe;C:\Program Files\PacificPoker;Program.PrcView.3725;Incurable.Moved.;
pv.exe;C:\Program Files\PacificPoker4;Program.PrcView.3725;Incurable.Moved.;
DialerOEM.exe;C:\Program Files\Tiscali\Tiscali Internet;Trojan.Swizzor.based;Deleted.;
A0053530.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396;Trojan.MulDrop2.3621;Incurable.Moved.;
A0053532.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396;Trojan.Click1.24896;Incurable.Moved.;
A0053533.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396;Trojan.Swizzor.based;Deleted.;
10e58.msi\stream008;C:\WINDOWS\Installer\10e58.msi;Trojan.Click1.24896;;
10e58.msi;C:\WINDOWS\Installer;Container contains infected objects;Moved.;
NewShortcut6_DDE06AA5293C46328BB55545784A27BC.exe;C:\WINDOWS\Installer\{3846E811-639D-4DE1-844B-30491C0A6C0C};Trojan.Click1.24896;;
MONALISA.EXE;G:\Old Computers\Transfer2\Old My Documents\My Documents\Chris's\Ian Gizzits;Joke.Mona;Incurable.Moved.;


And lastly - the latest OTL Log.

OTL logfile created on: 21/02/2011 20:57:35 - Run 8
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 22.00 Mb Available Physical Memory | 4.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 18.14 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.53 Gb Free Space | 99.60% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 405.13 Gb Free Space | 86.98% Space Free | Partition Type: NTFS

Computer Name: MAINCOMPUTER | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe (mst software GmbH, Germany)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (utc1oty2) -- C:\WINDOWS\system32\drivers\utc1oty2.sys ()
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola INC.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys (USB World)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5060912

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/11/22 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/02/20 15:27:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SpamAwareOELauncher] C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([courses] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect.co.uk ([www.laser] http in Trusted sites)
O15 - HKCU\..Trusted Domains: learndirect-skills.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tiscali.co.uk ([www] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...re/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by118fd.bay11...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163005175703 (MUWebControl Class)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.asda-phot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextus.ob...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://register3.va...OCX/FlashAX.cab (FlashXControl Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://www.asda-phot...pv2.0.0.12.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 12:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\DoctorWeb
[2011/02/21 09:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2011/02/21 09:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/21 09:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/21 09:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/02/21 09:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/21 09:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/20 14:13:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/20 14:09:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/20 14:09:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/20 14:09:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/20 14:09:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/20 14:09:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/19 09:41:07 | 093,046,312 | ---- | C] ( ) -- C:\Documents and Settings\Chris\Desktop\setup_9.0.0.722_19.02.2011_12-12.exe
[2011/02/19 09:10:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/18 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/13 17:19:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2011/02/13 16:53:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/10 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\TDSSKiller.exe
[2011/01/27 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2011/01/27 18:46:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 18:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/02/21 20:55:33 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/21 20:53:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/21 20:52:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/21 20:52:44 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/21 20:47:54 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\DrWeb.csv
[2011/02/21 20:32:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/21 18:15:43 | 106,720,276 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/21 12:03:35 | 057,200,936 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\drweb-cureit.exe
[2011/02/21 11:25:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/21 09:32:05 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/21 09:23:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 20:52:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/20 19:34:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/20 15:27:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/20 14:13:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/19 17:59:29 | 000,385,223 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Geeks 190211.docx
[2011/02/19 14:41:20 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\DVDVideoSoft Free Studio.lnk
[2011/02/19 14:39:56 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/19 14:35:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/19 12:39:52 | 000,016,401 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avptool_sysinfo.zip
[2011/02/19 12:37:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utc1oty2.sys
[2011/02/19 12:00:16 | 000,000,206 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_19.02.2011_12-12drv.spi
[2011/02/19 09:41:36 | 093,046,312 | ---- | M] ( ) -- C:\Documents and Settings\Chris\Desktop\setup_9.0.0.722_19.02.2011_12-12.exe
[2011/02/19 09:36:02 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\TDSSKiller.exe
[2011/02/19 09:35:15 | 001,246,857 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2011/02/18 13:35:41 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.exe
[2011/02/18 13:08:55 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/13 17:19:40 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/13 16:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/02/11 21:19:19 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/11 21:06:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/10 09:52:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/05 17:52:11 | 128,971,082 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:49 | 000,013,744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:30:36 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv

========== Files Created - No Company Name ==========

[2011/02/21 20:47:54 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\DrWeb.csv
[2011/02/21 12:03:32 | 057,200,936 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\drweb-cureit.exe
[2011/02/21 09:32:05 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/21 09:19:33 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/20 16:13:08 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\xobni_installer_updater.log
[2011/02/20 14:13:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/20 14:13:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/20 14:09:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/20 14:09:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/20 14:09:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/20 14:09:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/20 14:09:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/19 17:59:28 | 000,385,223 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Geeks 190211.docx
[2011/02/19 14:39:56 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/19 12:43:28 | 000,016,401 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avptool_sysinfo.zip
[2011/02/19 12:37:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utc1oty2.sys
[2011/02/19 12:00:16 | 000,000,206 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_19.02.2011_12-12drv.spi
[2011/02/19 09:35:15 | 001,246,857 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2011/02/18 13:08:55 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2011/02/18 13:08:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2011/02/13 17:19:38 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110213_171937.reg
[2011/02/11 21:06:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/05 17:51:38 | 128,971,082 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2011/01/27 21:46:41 | 000,013,744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20110127_214633.reg
[2011/01/27 18:46:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 18:30:36 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\scan270111.csv
[2010/08/31 15:45:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2010/08/19 14:22:13 | 000,002,215 | ---- | C] () -- C:\WINDOWS\CDPR.INI
[2010/06/21 21:00:48 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/23 17:18:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/05/23 17:18:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/23 17:18:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\$_hpcst$.hpc
[2009/07/09 17:09:28 | 000,000,207 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/07 16:05:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/01/28 18:54:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\dvd.bmk
[2009/01/06 07:37:55 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.html
[2009/01/06 07:32:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTApp.html
[2009/01/06 07:28:48 | 000,061,378 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\FASTWiz.log
[2009/01/05 21:01:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/22 14:26:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/10/18 19:50:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/10/18 19:50:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/10/18 19:50:04 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/08/15 11:58:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/15 11:35:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/10 08:02:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/09/25 13:39:28 | 000,172,112 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/09/05 15:34:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/02 14:43:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/24 15:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/12 16:58:57 | 000,001,663 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/01 18:23:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/04/01 15:36:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/14 20:10:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Auto-Run.INI
[2007/01/16 19:34:34 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\SecureTraveler.exe
[2007/01/12 12:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/01/03 12:40:21 | 000,005,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 13:19:58 | 000,027,764 | ---- | C] () -- C:\WINDOWS\MiniCarRacing.ini
[2006/11/28 19:08:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/06 18:31:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 20:37:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 20:34:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/30 20:13:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys
[2006/09/19 20:38:48 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys
[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/12 19:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/12 19:13:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/09/12 19:10:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/12 19:05:26 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/12 18:38:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2011/02/21 09:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/25 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylona
[2007/01/28 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/10 13:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/12/20 14:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/11 21:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLlLaJi06511
[2007/02/23 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\exiteachcoolsoftware
[2008/06/12 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/20 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/03/09 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/02/21 09:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/03 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/02 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/07/04 11:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/01/11 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/12 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/06/15 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/18 20:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/22 08:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/31 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Alien Skin
[2011/02/21 09:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG10
[2008/11/08 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2010/05/25 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Babylona
[2011/01/03 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2011/02/19 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoftIEHelpers
[2008/06/15 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\flightgear.org
[2008/09/14 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ICAClient
[2011/01/03 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ImgBurn
[2010/08/09 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kupi
[2006/09/15 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2007/10/20 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Microgaming
[2008/04/05 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2009/02/03 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NCH Swift Sound
[2008/06/18 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PacificPoker
[2010/05/23 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/02/07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PrimoPDF
[2010/05/23 17:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2008/01/10 17:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SEGA
[2009/10/24 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
[2007/08/29 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Teleca
[2006/09/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Template
[2008/11/22 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TomTom
[2010/12/18 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/02/20 20:52:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9482CFB4

< End of report >

Very many thanks yet again - your assistance is very much appreciated.
  • 0

#10
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
How is the computer running now?
  • 0


#11
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Good Morning,

It all seems to be running OK - was there anything suspicious in the logs?

Thanks

Chrisg
  • 0

#12
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

These two seem to be random files.

Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window

C:\WINDOWS\System32\D7AED2FEC7.sys
C:\WINDOWS\System32\C7FED2AED7.sys


Click Submit/Send File
Please post back, to let me know the results.
  • 0

#13
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Hi and thanks for the prompt reply.

I tried to have the files scanned but unfortunately I could only 'browse' for the files and they weren't there!!

I attempted to cut and paste but unfortunately the Jotti window wouldn't allow it.

Any thoughts??

Thanks
  • 0

#14
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

The files are hidden. To unhide them:
  • Open My Computer from your desktop.
  • Click on the Tools menu.
  • Click on the Folder Options
  • Click on the View tab
  • Scroll down to "Show Hidden Files and Folders" and choose "Show Hidden Files and Folders"
  • Untick "Hide Protected operating system files"
  • Click OK to confirm.

You'll now be able to see the files when uploading them to Jotti for scan.
  • 0
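One way to shortlist hidden, unattributed System32 files like the two named in replies #12 and #14 from an OTL file listing, as an added example that is not part of the original thread or of OTL. The field layout is inferred from the log above, and the heuristics, the `TINY_DRIVER_BYTES` cut-off and all function names are assumptions.

```python
import re
from typing import NamedTuple

# Layout inferred from the listing in this thread (an assumption, not OTL
# documentation): [timestamp | size | attrs | C/M] (company) -- path
# attrs is four characters drawn from R(ead-only) H(idden) S(ystem) D(irectory).
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

TINY_DRIVER_BYTES = 1024  # assumed cut-off: far smaller than an ordinary driver


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_line(line):
    """Return an Entry for a file-listing line, or None for headers and noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", ""))  # "000,005,852" -> 5852
    company = (m["company"] or "").strip()  # "()" and "( )" both mean none
    return Entry(m["ts"], size, m["attrs"], company, m["path"])


def reasons(entry):
    """List the traits that make a file entry worth a second look."""
    if "D" in entry.attrs:  # directories are out of scope here
        return []
    found = []
    if "H" in entry.attrs and "S" in entry.attrs:
        found.append("hidden+system")
    if not entry.company:
        found.append("no company name")
    if entry.path.lower().endswith(".sys") and entry.size < TINY_DRIVER_BYTES:
        found.append("too small for a driver")
    return found


def shortlist(lines):
    """Hidden+system files with no company name under System32."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or "\\windows\\system32\\" not in entry.path.lower():
            continue
        why = reasons(entry)
        if {"hidden+system", "no company name"} <= set(why):
            hits.append((entry.path, why))
    return hits


# Sample input: lines copied from the listing earlier in this thread.
SAMPLE = [
    r"[2011/02/21 20:52:44 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/01/27 18:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/02/13 17:19:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent",
    r"[2006/09/20 18:25:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D7AED2FEC7.sys",
    r"[2006/09/17 19:41:38 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2006/09/17 19:41:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C7FED2AED7.sys",
    r"[2006/09/17 12:41:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll",
    "< End of report >",
]

if __name__ == "__main__":
    for path, why in shortlist(SAMPLE):
        print(f"{path}: {', '.join(why)}")
```

A shortlisted entry is a candidate for the kind of scan requested in the thread, not a verdict on the file.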

#15
chrisg6152

    Member

  • Topic Starter
  • 102 posts
Good Morning,

Both files have now been scanned by Jotti - nothing found!

Thanks

Chrisg
  • 0





