Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MBR Alureon-K [Solved]

Started by DeathbyDonut , May 02 2012 11:19 AM

  • This topic is locked This topic is locked

#1
DeathbyDonut
Posted 02 May 2012 - 11:19 AM

DeathbyDonut

    New Member

  • Member
  • Pip
  • 9 posts
Hi all as instructed I've started my own thread.

Firstly , thanks to 'Tigsy'? for the Roguekiller , it seems to have brought back my desktop icons and list of prog files. :thumbsup:

After doing this I re-ran Avast and still top of the list is the Alureon file which won't dissappear.

Is this because it is in quarantine?

I have 5 reports on desktop should anyone wish to take a look from Roguekiller.

I am by the way a complete computer dummy so go easy on me :0)

Cheers

DbD
  • 0

Advertisements

#2
Essexboy
Posted 02 May 2012 - 01:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what you have first shall we

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
DeathbyDonut
Posted 02 May 2012 - 02:28 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Essexboy , thanks for the reply.

I've done the first bit , but have a couple of questions.

1. The 'Extras' file didnt seem to turn up but I'd run the prog earlier and there is a Txt file from then but I didnt use your script and pressed quick scan , will that be anygood? or shall i re-run?

2. I notice in the 'Extras' log an old email adress is appearing loads of times , is it ok to remove this ( I don't use it any more but it has my name in it )

Cheers

DbD
  • 0

#4
Essexboy
Posted 02 May 2012 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I do not yet need the extras so hold back on that for now , but I will need the main log with the custom scan in it
  • 0

#5
DeathbyDonut
Posted 03 May 2012 - 11:07 AM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Soz it's late , early night followed by hard day at work :0/

OTL logfile created on: 02/05/2012 08:59:41 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Dames\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 76.50% Memory free
5.09 Gb Paging File | 4.52 Gb Available in Paging File | 88.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 98.70 Gb Free Space | 42.38% Space Free | Partition Type: NTFS

Computer Name: POWERHOUSE | User Name: Dames | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 18:36:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/02 08:19:16 | 001,771,520 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12050200\algo.dll
MOD - [2012/04/12 15:42:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/12 15:22:25 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/12 09:10:27 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/12 09:08:20 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/22 16:08:47 | 000,081,408 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2012/02/17 09:24:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 09:22:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 09:18:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/14 10:52:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 23:11:12 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2006/11/10 03:25:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/11/10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/07 15:06:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/07 15:06:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/04/30 13:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 13:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 12:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/30 19:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/09/08 09:36:58 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010/08/07 14:19:46 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/02/26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/12 15:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/24 14:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/12/18 01:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/11/09 03:50:42 | 000,452,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/05 11:09:26 | 000,035,072 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/06/05 11:09:26 | 000,014,080 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/06/05 11:09:14 | 000,135,048 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHF518.sys -- (SaiHF518)
DRV - [2007/03/26 19:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/20 16:39:28 | 000,297,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Vid.sys -- (P1370VID)
DRV - [2006/03/24 17:24:32 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Vfx.sys -- (P1370Vfx)
DRV - [2005/12/06 09:58:58 | 000,004,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Aul.sys -- (P1370Aul)
DRV - [2005/12/05 09:29:34 | 000,093,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Aud.sys -- (P1370Aud)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/04/11 19:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/
IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\..\SearchScopes,DefaultScope = {C3C6106C-23A4-4D39-8FC5-73F546A394F4}
IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\..\SearchScopes\{C3C6106C-23A4-4D39-8FC5-73F546A394F4}: "URL" = http://www.google.co...1I7ADFA_enGB463
IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.rightmove...2E47EC2AF47F36"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.733
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.12.0
FF - prefs.js..extensions.enabledItems: {0880F779-78C9-11E1-826D-B8AC6F996F26}:2.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dames\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dames\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dames\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/11 08:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/02/28 09:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 15:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/28 11:00:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/11 08:35:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0880F779-78C9-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Dames\Local Settings\Application Data\{0880F779-78C9-11E1-826D-B8AC6F996F26}\ [2012/03/28 12:28:32 | 000,000,000 | ---D | M]

[2009/01/10 20:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Extensions
[2012/04/28 14:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions
[2011/01/23 16:48:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 19:43:52 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/10/31 16:17:18 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2011/04/14 19:43:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/17 15:21:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2012/04/28 14:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 18:36:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/29 11:15:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/08 08:52:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 08:43:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/15 09:57:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 11:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/03/28 12:28:32 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\DAMES\LOCAL SETTINGS\APPLICATION DATA\{0880F779-78C9-11E1-826D-B8AC6F996F26}
[2008/12/19 16:01:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/28 09:31:51 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/01/10 20:14:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/01/10 20:14:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/01/10 20:14:28 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/10 20:14:28 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON PictureMate (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1715567821-308236825-725345543-1003..\Run: [SearchAndDestroyT] C:\Program Files\Search And Destroy\SearchAndDestroy.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715567821-308236825-725345543-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://racers.lego.c...uperSonic.aspx" File not found
O4 - Startup: C:\Documents and Settings\Dames\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1715567821-308236825-725345543-1003\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1211132969453 (WUWebControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophot...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B357EEDA-D8CE-4213-BA37-12A977B2EC47}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/19 19:13:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{abf22294-a364-11dd-905c-001e8c7bac8a}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{c47257b8-2505-11dd-8f77-00173fb62dce}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 18:37:55 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
[2012/05/02 13:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\RK_Quarantine
[2012/05/02 13:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Application Data\Malwarebytes
[2012/05/02 13:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/02 13:14:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/02 13:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/02 13:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/02 13:14:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dames\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 13:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\Downloads
[2012/05/02 12:46:13 | 000,101,112 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/05/02 12:46:12 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[2012/05/02 10:26:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dames\Recent
[2012/05/02 09:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Start Menu\Programs\Data Recovery
[2012/04/22 14:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\WordBiz
[2012/04/15 16:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Application Data\Mumble
[2012/04/15 16:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2012/04/15 16:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2012/04/14 16:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1_data
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/02 20:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-308236825-725345543-1003UA.job
[2012/05/02 20:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/02 18:51:07 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\StarCraft II.lnk
[2012/05/02 18:36:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
[2012/05/02 18:27:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/02 18:25:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/02 18:24:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 18:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 18:20:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Skype.lnk
[2012/05/02 15:08:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-308236825-725345543-1003Core.job
[2012/05/02 13:28:29 | 001,421,312 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\RogueKiller.exe
[2012/05/02 13:14:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 13:14:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dames\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 12:12:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/05/02 10:09:45 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j
[2012/05/02 10:04:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8j
[2012/05/02 09:53:59 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8jr
[2012/05/02 09:53:23 | 000,244,224 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j.exe
[2012/05/02 09:45:30 | 000,328,704 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\nMQsPVYoUn.exe
[2012/05/01 22:38:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Microsoft Office Word 2003.lnk
[2012/05/01 21:16:41 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{064BB82E-8269-4DD7-BB48-EB0625A774CE}.job
[2012/05/01 18:48:00 | 002,186,287 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\[email protected]_20120430_152641.pdf
[2012/05/01 17:09:32 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Google Chrome.lnk
[2012/04/23 19:20:51 | 000,015,390 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\AA pic.bmp
[2012/04/17 17:17:59 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Audacity.lnk
[2012/04/16 12:11:55 | 027,913,563 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\pb_export.csv
[2012/04/15 16:32:53 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Dames\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/04/15 16:30:29 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/04/15 16:29:32 | 017,904,640 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\mumble-1.2.3a.msi
[2012/04/14 16:54:03 | 046,374,673 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart the movie.wmv
[2012/04/14 16:41:47 | 000,039,936 | -H-- | M] () -- C:\Documents and Settings\Dames\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/14 16:41:17 | 000,005,731 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1.aup
[2012/04/14 16:40:58 | 017,418,284 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart.wav
[2012/04/14 16:25:06 | 000,831,453 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Top Gear.mp3
[2012/04/14 16:14:27 | 000,712,293 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Formula 1 - BBC.mp3
[2012/04/14 16:07:23 | 048,374,543 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Joel go-kart.wmv
[2012/04/12 09:08:42 | 000,484,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 09:08:42 | 000,080,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 08:58:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 12:10:00 | 000,134,784 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\http___www.barratthomes.co.pdf
[2012/04/03 17:39:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/02 18:51:07 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\StarCraft II.lnk
[2012/05/02 18:27:38 | 000,000,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/02 13:32:37 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/02 13:32:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 13:32:37 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/05/02 13:32:37 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/05/02 13:32:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/05/02 13:32:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/02 13:32:36 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/05/02 13:32:34 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Healthy Computing Guide.lnk
[2012/05/02 13:32:34 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/05/02 13:32:33 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse.lnk
[2012/05/02 13:32:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/05/02 13:32:32 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/05/02 13:32:30 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2012/05/02 13:32:29 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/05/02 13:32:29 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2012/05/02 13:32:29 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/05/02 13:32:28 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/02 13:32:28 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/05/02 13:28:28 | 001,421,312 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\RogueKiller.exe
[2012/05/02 13:14:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 09:53:59 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8jr
[2012/05/02 09:53:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8j
[2012/05/02 09:53:39 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j
[2012/05/02 09:53:23 | 000,244,224 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j.exe
[2012/05/02 09:47:46 | 000,328,704 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\nMQsPVYoUn.exe
[2012/05/01 18:48:00 | 002,186,287 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\[email protected]_20120430_152641.pdf
[2012/04/23 19:20:51 | 000,015,390 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\AA pic.bmp
[2012/04/17 17:17:59 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Audacity.lnk
[2012/04/16 11:14:43 | 027,913,563 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\pb_export.csv
[2012/04/15 16:32:53 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Dames\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/04/15 16:30:29 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/04/15 16:29:32 | 017,904,640 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\mumble-1.2.3a.msi
[2012/04/14 16:52:29 | 046,374,673 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart the movie.wmv
[2012/04/14 16:41:17 | 000,005,731 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1.aup
[2012/04/14 16:40:57 | 017,418,284 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart.wav
[2012/04/14 16:25:05 | 000,831,453 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Top Gear.mp3
[2012/04/14 16:14:25 | 000,712,293 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Formula 1 - BBC.mp3
[2012/04/14 16:03:01 | 048,374,543 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Joel go-kart.wmv
[2012/04/04 12:09:58 | 000,134,784 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\http___www.barratthomes.co.pdf
[2012/04/03 17:39:28 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/06 00:34:27 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011/12/30 13:15:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/12/02 15:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/02 15:51:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/02 15:51:37 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/02 15:51:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/29 17:13:37 | 000,000,399 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2011/10/29 17:10:39 | 000,000,031 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\aceg.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/05/19 21:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/03/17 12:02:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\easepdftotextextractor.ini
[2010/09/11 08:34:39 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/07/20 21:05:15 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/07/19 19:23:36 | 000,188,848 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/07/19 19:23:36 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat

========== LOP Check ==========

[2009/05/03 18:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/02/21 17:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/15 09:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/01/23 13:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/08/09 16:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compass Web Designs LLC
[2011/10/29 17:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\easetech
[2009/06/27 17:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/11/21 18:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/05/19 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/01/06 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/21 18:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/12/22 17:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/10 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2011/02/21 20:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/01/01 23:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2011/03/31 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/08/03 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/06/19 10:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/15 15:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Amazon
[2011/03/28 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/03/11 21:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\calibre
[2010/01/31 11:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Canneverbe Limited
[2011/06/19 19:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\CD Label Designer
[2010/06/06 16:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/04/22 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Dropbox
[2012/03/05 20:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\eBookConverter
[2009/11/11 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Foxit
[2012/01/09 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Foxit Software
[2008/08/31 13:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\FUJIFILM
[2009/05/29 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\GARMIN
[2012/05/02 13:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\GetRightToGo
[2010/06/06 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\gtk-2.0
[2008/09/05 20:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\iPodder
[2011/09/29 17:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Leadertech
[2011/12/19 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\LolClient
[2011/12/05 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\MechCAD
[2012/04/27 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Mumble
[2009/07/26 13:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\muvee Technologies
[2010/12/06 15:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Nokia
[2011/06/15 08:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\OpenCandy
[2010/12/06 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\PC Suite
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\ScanSoft
[2012/03/06 13:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Simple Adblock
[2009/09/15 14:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\SmartDraw
[2012/02/21 21:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\TeamViewer
[2011/05/19 10:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Trusteer
[2012/05/01 19:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\TS3Client
[2012/02/24 04:32:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2011/11/01 13:36:05 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\switchSevenDays.job
[2011/11/04 13:37:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2012/05/01 21:16:41 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{064BB82E-8269-4DD7-BB48-EB0625A774CE}.job
[2012/04/03 17:39:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2009/01/06 17:21:41 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\desktop.ini
[2010/07/20 21:06:01 | 000,001,018 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\HP Solution Center.lnk
[2008/05/18 19:49:23 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2011/06/19 10:48:56 | 000,000,995 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Program Updates.lnk
[2009/01/06 17:21:41 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2009/08/09 16:19:21 | 000,000,748 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Shortcut to TileGem_001.exe.lnk
[2008/05/14 23:59:14 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/05/14 23:59:14 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2011/06/15 08:32:36 | 000,001,732 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\1\WinZip.lnk

< %Temp%\smtmp\2\*.* >
[2012/05/02 09:53:53 | 000,000,855 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\Data_Recovery.lnk
[2008/05/15 00:04:40 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\desktop.ini
[2011/12/22 23:07:47 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2008/05/21 08:11:01 | 000,001,620 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2008/05/24 10:02:47 | 000,000,738 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\Outlook Express.lnk
[2008/05/15 00:04:40 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Dames\LOCALS~1\Temp\smtmp\2\Show Desktop.scf

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >
  • 0

#6
Essexboy
Posted 03 May 2012 - 11:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will need the aswMBR log to determine which variant of the infection it is

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-1715567821-308236825-725345543-1003..\Run: [SearchAndDestroyT] C:\Program Files\Search And Destroy\SearchAndDestroy.exe File not found
    [2012/05/02 10:09:45 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j
    [2012/05/02 10:04:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8j
    [2012/05/02 09:53:59 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AIC1XAlt18cA8jr
    [2012/05/02 09:53:23 | 000,244,224 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\AIC1XAlt18cA8j.exe
    [2012/05/02 09:45:30 | 000,328,704 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\nMQsPVYoUn.exe

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
DeathbyDonut
Posted 03 May 2012 - 12:37 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 03/05/2012 07:32:00 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Dames\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.97% Memory free
5.09 Gb Paging File | 4.64 Gb Available in Paging File | 91.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 98.77 Gb Free Space | 42.41% Space Free | Partition Type: NTFS

Computer Name: POWERHOUSE | User Name: Dames | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 18:36:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/03 07:58:53 | 001,771,520 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12050300\algo.dll
MOD - [2012/04/12 15:42:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/12 15:22:25 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/12 09:10:27 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/12 09:08:20 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/17 09:24:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 09:22:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 09:18:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/14 10:52:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 23:11:12 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2006/11/10 03:25:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/11/10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/07 15:06:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/07 15:06:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/04/30 13:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 13:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 12:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/30 19:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/09/08 09:36:58 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010/08/07 14:19:46 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/02/26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/12 15:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/24 14:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/12/18 01:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/11/09 03:50:42 | 000,452,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/05 11:09:26 | 000,035,072 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/06/05 11:09:26 | 000,014,080 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/06/05 11:09:14 | 000,135,048 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHF518.sys -- (SaiHF518)
DRV - [2007/03/26 19:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/20 16:39:28 | 000,297,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Vid.sys -- (P1370VID)
DRV - [2006/03/24 17:24:32 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Vfx.sys -- (P1370Vfx)
DRV - [2005/12/06 09:58:58 | 000,004,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Aul.sys -- (P1370Aul)
DRV - [2005/12/05 09:29:34 | 000,093,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1370Aud.sys -- (P1370Aud)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/04/11 19:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/
IE - HKCU\..\SearchScopes,DefaultScope = {C3C6106C-23A4-4D39-8FC5-73F546A394F4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C3C6106C-23A4-4D39-8FC5-73F546A394F4}: "URL" = http://www.google.co...1I7ADFA_enGB463
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.rightmove...2E47EC2AF47F36"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.733
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.12.0
FF - prefs.js..extensions.enabledItems: {0880F779-78C9-11E1-826D-B8AC6F996F26}:2.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dames\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dames\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dames\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/11 08:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/02/28 09:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 15:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/28 11:00:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/11 08:35:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0880F779-78C9-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Dames\Local Settings\Application Data\{0880F779-78C9-11E1-826D-B8AC6F996F26}\ [2012/03/28 12:28:32 | 000,000,000 | ---D | M]

[2009/01/10 20:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Extensions
[2012/04/28 14:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions
[2011/01/23 16:48:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 19:43:52 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/10/31 16:17:18 | 000,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2011/04/14 19:43:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/17 15:21:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Dames\Application Data\Mozilla\Firefox\Profiles\mjrs315v.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2012/04/28 14:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 18:36:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/29 11:15:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/08 08:52:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 08:43:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/15 09:57:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 11:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/03/28 12:28:32 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\DAMES\LOCAL SETTINGS\APPLICATION DATA\{0880F779-78C9-11E1-826D-B8AC6F996F26}
[2008/12/19 16:01:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/28 09:31:51 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/01/10 20:14:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/01/10 20:14:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/01/10 20:14:28 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/10 20:14:28 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/03 19:26:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON PictureMate (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://racers.lego.c...uperSonic.aspx" File not found
O4 - Startup: C:\Documents and Settings\Dames\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1211132969453 (WUWebControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophot...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B357EEDA-D8CE-4213-BA37-12A977B2EC47}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/19 19:13:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{abf22294-a364-11dd-905c-001e8c7bac8a}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{c47257b8-2505-11dd-8f77-00173fb62dce}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 19:25:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/02 18:37:55 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
[2012/05/02 13:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\RK_Quarantine
[2012/05/02 13:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Application Data\Malwarebytes
[2012/05/02 13:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/02 13:14:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/02 13:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/02 13:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/02 13:14:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dames\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 13:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\Downloads
[2012/05/02 12:46:13 | 000,101,112 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/05/02 12:46:12 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[2012/05/02 10:26:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dames\Recent
[2012/05/02 09:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Start Menu\Programs\Data Recovery
[2012/04/22 14:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\WordBiz
[2012/04/15 16:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Application Data\Mumble
[2012/04/15 16:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2012/04/15 16:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2012/04/14 16:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1_data
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/03 19:28:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/03 19:27:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/03 19:27:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/03 19:26:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/03 19:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-308236825-725345543-1003UA.job
[2012/05/03 19:05:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 17:05:39 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{064BB82E-8269-4DD7-BB48-EB0625A774CE}.job
[2012/05/02 18:51:07 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\StarCraft II.lnk
[2012/05/02 18:36:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dames\Desktop\OTL.exe
[2012/05/02 18:27:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/02 18:20:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Skype.lnk
[2012/05/02 15:08:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-308236825-725345543-1003Core.job
[2012/05/02 13:28:29 | 001,421,312 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\RogueKiller.exe
[2012/05/02 13:14:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 13:14:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dames\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/02 12:12:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/05/02 09:53:53 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/01 22:38:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Microsoft Office Word 2003.lnk
[2012/05/01 18:48:00 | 002,186,287 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\[email protected]_20120430_152641.pdf
[2012/05/01 17:09:32 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Google Chrome.lnk
[2012/04/23 19:20:51 | 000,015,390 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\AA pic.bmp
[2012/04/17 17:17:59 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Audacity.lnk
[2012/04/16 12:11:55 | 027,913,563 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\pb_export.csv
[2012/04/15 16:32:53 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Dames\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/04/15 16:30:29 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/04/15 16:29:32 | 017,904,640 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\mumble-1.2.3a.msi
[2012/04/14 16:54:03 | 046,374,673 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart the movie.wmv
[2012/04/14 16:41:47 | 000,039,936 | -H-- | M] () -- C:\Documents and Settings\Dames\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/14 16:41:17 | 000,005,731 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1.aup
[2012/04/14 16:40:58 | 017,418,284 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart.wav
[2012/04/14 16:25:06 | 000,831,453 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Top Gear.mp3
[2012/04/14 16:14:27 | 000,712,293 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Formula 1 - BBC.mp3
[2012/04/14 16:07:23 | 048,374,543 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\Joel go-kart.wmv
[2012/04/12 09:08:42 | 000,484,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 09:08:42 | 000,080,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 08:58:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 12:10:00 | 000,134,784 | ---- | M] () -- C:\Documents and Settings\Dames\Desktop\http___www.barratthomes.co.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/03 19:26:15 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/02 18:51:07 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\StarCraft II.lnk
[2012/05/02 18:27:38 | 000,000,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/02 13:32:37 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/02 13:32:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 13:32:37 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/05/02 13:32:37 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/05/02 13:32:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/05/02 13:32:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dames\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/02 13:32:36 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/05/02 13:32:34 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Healthy Computing Guide.lnk
[2012/05/02 13:32:34 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/05/02 13:32:33 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse.lnk
[2012/05/02 13:32:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/05/02 13:32:32 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/05/02 13:32:30 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2012/05/02 13:32:29 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/05/02 13:32:29 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2012/05/02 13:32:29 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/05/02 13:32:28 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/02 13:32:28 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/05/02 13:28:28 | 001,421,312 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\RogueKiller.exe
[2012/05/02 13:14:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 18:48:00 | 002,186,287 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\[email protected]_20120430_152641.pdf
[2012/04/23 19:20:51 | 000,015,390 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\AA pic.bmp
[2012/04/17 17:17:59 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Audacity.lnk
[2012/04/16 11:14:43 | 027,913,563 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\pb_export.csv
[2012/04/15 16:32:53 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Dames\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/04/15 16:30:29 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/04/15 16:29:32 | 017,904,640 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\mumble-1.2.3a.msi
[2012/04/14 16:52:29 | 046,374,673 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart the movie.wmv
[2012/04/14 16:41:17 | 000,005,731 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my kart 1.aup
[2012/04/14 16:40:57 | 017,418,284 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Driving in my Kart.wav
[2012/04/14 16:25:05 | 000,831,453 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Top Gear.mp3
[2012/04/14 16:14:25 | 000,712,293 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Formula 1 - BBC.mp3
[2012/04/14 16:03:01 | 048,374,543 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\Joel go-kart.wmv
[2012/04/04 12:09:58 | 000,134,784 | ---- | C] () -- C:\Documents and Settings\Dames\Desktop\http___www.barratthomes.co.pdf
[2012/01/06 00:34:27 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011/12/30 13:15:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/12/02 15:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/02 15:51:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/02 15:51:37 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/02 15:51:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/29 17:13:37 | 000,000,399 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2011/10/29 17:10:39 | 000,000,031 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\aceg.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/05/19 21:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/03/17 12:02:26 | 000,000,041 | ---- | C] () -- C:\WINDOWS\easepdftotextextractor.ini
[2010/09/11 08:34:39 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/07/20 21:05:15 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/07/19 19:23:36 | 000,188,848 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/07/19 19:23:36 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat

========== LOP Check ==========

[2009/05/03 18:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/02/21 17:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/15 09:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/01/23 13:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/08/09 16:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compass Web Designs LLC
[2011/10/29 17:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\easetech
[2009/06/27 17:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/11/21 18:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/05/19 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/01/06 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/21 18:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/12/22 17:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/10 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2011/02/21 20:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/01/01 23:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2011/03/31 09:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/08/03 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/06/19 10:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/15 15:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Amazon
[2011/03/28 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/03/11 21:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\calibre
[2010/01/31 11:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Canneverbe Limited
[2011/06/19 19:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\CD Label Designer
[2010/06/06 16:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/04/22 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Dropbox
[2012/03/05 20:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\eBookConverter
[2009/11/11 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Foxit
[2012/01/09 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Foxit Software
[2008/08/31 13:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\FUJIFILM
[2009/05/29 21:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\GARMIN
[2012/05/02 13:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\GetRightToGo
[2010/06/06 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\gtk-2.0
[2008/09/05 20:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\iPodder
[2011/09/29 17:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Leadertech
[2011/12/19 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\LolClient
[2011/12/05 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\MechCAD
[2012/04/27 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Mumble
[2009/07/26 13:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\muvee Technologies
[2010/12/06 15:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Nokia
[2011/06/15 08:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\OpenCandy
[2010/12/06 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\PC Suite
[2008/07/30 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\ScanSoft
[2012/03/06 13:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Simple Adblock
[2009/09/15 14:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\SmartDraw
[2012/02/21 21:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\TeamViewer
[2011/05/19 10:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\Trusteer
[2012/05/01 19:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dames\Application Data\TS3Client
[2012/02/24 04:32:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2011/11/01 13:36:05 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\switchSevenDays.job
[2011/11/04 13:37:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2012/05/03 17:05:39 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{064BB82E-8269-4DD7-BB48-EB0625A774CE}.job
[2012/04/03 17:39:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy
Posted 03 May 2012 - 12:38 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have the aswMBR log please

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#9
DeathbyDonut
Posted 03 May 2012 - 01:14 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 19:39:53
-----------------------------
19:39:53.359 OS Version: Windows 5.1.2600 Service Pack 3
19:39:53.359 Number of processors: 2 586 0x1706
19:39:53.359 ComputerName: POWERHOUSE UserName: Dames
19:39:53.984 Initialize success
19:39:54.093 AVAST engine defs: 12050300
19:40:07.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-b
19:40:07.984 Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
19:40:07.984 Disk 0 MBR read successfully
19:40:07.984 Disk 0 MBR scan
19:40:07.984 Disk 0 Windows XP default MBR code
19:40:08.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
19:40:08.015 Disk 0 scanning sectors +488376000
19:40:08.062 Disk 0 scanning C:\WINDOWS\system32\drivers
19:40:14.437 Service scanning
19:40:24.500 Modules scanning
19:40:28.421 Disk 0 trace - called modules:
19:40:28.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:40:28.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b66eab8]
19:40:28.437 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000079[0x8b63d9e8]
19:40:28.453 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-b[0x8b674d98]
19:40:28.968 AVAST engine scan C:\WINDOWS
19:40:41.843 AVAST engine scan C:\WINDOWS\system32
19:42:14.968 AVAST engine scan C:\WINDOWS\system32\drivers
19:42:25.078 AVAST engine scan C:\Documents and Settings\Dames
19:51:15.203 AVAST engine scan C:\Documents and Settings\All Users
20:07:00.250 Scan finished successfully
20:13:13.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dames\Desktop\MBR.dat"
20:13:13.937 The log file has been saved successfully to "C:\Documents and Settings\Dames\Desktop\aswMBR.txt"
  • 0

#10
Essexboy
Posted 03 May 2012 - 01:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ?
  • 0

Advertisements

#11
DeathbyDonut
Posted 03 May 2012 - 01:55 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
None now I think , :0) thankyou.

If i run avst now should the alureon be gone?

also , do you have any advice on the best Antivirus software? After this episode I'd be quite happy to pay for a decent one.

DbD
  • 0

#12
Essexboy
Posted 03 May 2012 - 02:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
aswMBR would have picked up the infection if it was present, as it does use the Avast definitions on your computer..

As for AV .. Bad person to ask as I use Avast :) And I do like it for the protection it gives

Do you have all the start menus and icons back ?
  • 0

#13
DeathbyDonut
Posted 03 May 2012 - 02:09 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes everything came back after running the Rogue killer thingy , but the Alureon was still showing in avast , not now now though apaarently.

Thankyou for taking the time to do all the checking for me , it's something I would have no idea of doing such a thing.

Allow me to buy you a beer via the paypal , taking it that the link goes to you :0)

I'll do the same for Tigsy

Cheers

DbD
  • 0

#14
Essexboy
Posted 03 May 2012 - 02:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Avast was probably picking up the dropper in your temporary files which have now been emptied

Thank you for the beer - I will enjoy that :thumbsup:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#15
DeathbyDonut
Posted 03 May 2012 - 02:42 PM

DeathbyDonut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Beer is on the way :0)

Final question is worth upgrading to the 'pay for' Avast?

Once again many thanks.

DbD
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP