
Please Help Infected with Unknown Virus! [Solved]


  • This topic is locked

#31
daveki69

  • Topic Starter
  • Member
  • 30 posts
Hi CompCav...

I ran the scan and left it overnight while I went to work. Before I left it had found a number of items and I cured them. I don't know what else it found because when I returned it was just back to a blank screen, still in Doctor Web, so I presumed it completed the scan, but I could not find a report, so I just exited the program and rebooted.

I've done an OTL scan as requested; here is the log:

OTL logfile created on: 07/08/2012 06:03:04 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1006.23 Mb Total Physical Memory | 176.59 Mb Available Physical Memory | 17.55% Memory free
2.36 Gb Paging File | 1.64 Gb Available in Paging File | 69.32% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.38 Gb Total Space | 6.83 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
Drive D: | 70.84 Gb Total Space | 20.26 Gb Free Space | 28.60% Space Free | Partition Type: FAT32

Computer Name: DAVESLAPTOP | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 20:15:40 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\dave\Local Settings\temp\RtkBtMnt.exe
PRC - [2012/08/04 00:24:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
PRC - [2012/05/30 02:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/30 02:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/12/09 17:14:08 | 000,154,632 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe
PRC - [2011/12/09 17:14:04 | 000,269,480 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\Rps.exe
PRC - [2011/11/29 00:58:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/16 13:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/11/16 13:32:48 | 010,200,376 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/09/17 22:14:14 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2010/09/17 22:14:14 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/09/17 21:32:42 | 001,006,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/09/17 21:32:42 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 19:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/04/20 10:24:04 | 001,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/04/20 10:24:00 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/04/20 10:23:56 | 000,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/03/02 02:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/02/22 08:32:30 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2006/10/04 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/05 20:16:28 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/06/14 09:00:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 08:58:04 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:57:49 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:54:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:50:31 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\abb5bbc7e336f73dc877b0747f827f9c\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:39:09 | 018,017,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1a6d151ef8db9727cea5d0aaf448d606\PresentationFramework.ni.dll
MOD - [2012/06/14 08:38:46 | 011,522,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3708a02c536ebfe2f2d23e5dc7d476a7\PresentationCore.ni.dll
MOD - [2012/06/14 08:38:28 | 003,879,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0377351c3352c786d673bddc7052288d\WindowsBase.ni.dll
MOD - [2012/06/14 08:38:20 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\479448381d9608397ec835f785f47b5e\System.Drawing.ni.dll
MOD - [2012/06/14 08:23:50 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c9ca4631\system.drawing.dll
MOD - [2012/06/14 08:23:38 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_539b0b6f\system.windows.forms.dll
MOD - [2012/06/14 08:23:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/06/05 13:29:56 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\4e6cce5a219fff0b6422e0428f917673\System.Management.ni.dll
MOD - [2012/06/05 13:27:49 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bf45c9b6fb396a7624de0906f1d0e04b\System.Runtime.Remoting.ni.dll
MOD - [2012/06/05 13:27:36 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\2ab014b9de9dae71adf19bb63e0bc07f\System.Xaml.ni.dll
MOD - [2012/06/03 18:31:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c6ed1c98256bde4ae1f4a8e950105d75\PresentationFramework.Luna.ni.dll
MOD - [2012/06/03 18:30:43 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\cff5b1bfa1ba21f59e9365f9db26ebe9\System.Xml.ni.dll
MOD - [2012/06/03 18:30:35 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\6830d540135702e57c832d1bc3c162d5\System.Configuration.ni.dll
MOD - [2012/06/03 18:29:46 | 007,053,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\3eba193a23ec8f0ea9c4b57e23114e68\System.Core.ni.dll
MOD - [2012/06/03 18:29:28 | 009,091,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\789acb152c1b859e57c96a191c347a1a\System.ni.dll
MOD - [2012/06/03 18:29:04 | 014,415,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/05/30 02:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/13 10:31:37 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 10:18:42 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/13 10:07:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 10:04:04 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 10:03:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/31 11:45:34 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98fbee71\mscorlib.dll
MOD - [2011/12/31 11:45:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf8efe92\system.dll
MOD - [2011/12/31 11:44:40 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/12/31 11:44:35 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/03/18 01:20:32 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2011/03/18 01:20:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:32 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/03/18 01:20:32 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/03/18 01:20:32 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/03/18 01:20:32 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/03/18 01:20:31 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:31 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:31 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:31 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:31 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:31 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:31 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:31 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:30 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:30 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:29 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:29 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3257.27098__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:29 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:29 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3257.27097__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:27 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:27 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:27 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:26 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:26 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:26 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:26 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:26 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:25 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:25 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:25 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/03/18 01:20:25 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3257.27018__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/03/18 01:20:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:25 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/03/18 01:20:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/03/18 01:20:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/03/18 01:20:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/03/18 01:20:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/03/18 01:20:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/03/18 01:20:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/03/18 01:20:23 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/03/18 01:20:21 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/03/18 01:20:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/03/18 01:20:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/03/18 01:20:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/03/18 01:20:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/03/18 01:20:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/03/18 01:20:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/03/18 01:20:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/03/18 01:20:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/03/18 01:20:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/03/18 01:20:19 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/03/18 01:20:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/03/18 01:20:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/03/18 01:20:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/03/18 01:20:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/03/18 01:20:18 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/03/18 01:20:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/03/18 01:20:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/03/18 01:20:17 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/03/18 01:20:17 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/03/18 01:20:17 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/03/18 01:20:17 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/03/18 01:20:16 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/03/18 01:20:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/03/18 01:20:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/03/18 01:20:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/03/18 01:20:16 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/03/18 01:20:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/03/18 01:20:16 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/03/18 01:20:15 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/03/18 01:20:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/03/18 01:20:15 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/03/18 01:20:15 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/03/18 01:20:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/03/18 01:20:14 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/03/18 01:20:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/03/18 01:20:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2011/03/18 01:20:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/03/18 01:20:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/03/18 01:20:14 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/03/18 01:20:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/03/18 01:20:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/03/18 01:20:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/10/21 15:23:26 | 000,841,728 | ---- | M] () -- C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\xulrunner\js3250.dll
MOD - [2010/09/17 22:14:14 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2010/09/17 22:14:14 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2010/09/17 22:14:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2010/09/17 22:14:12 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2010/09/17 21:32:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2010/09/17 21:32:56 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2010/09/17 21:32:40 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2010/04/16 12:47:34 | 000,053,248 | ---- | M] () -- C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\boost_thread-vc80-mt-1_41.dll
MOD - [2008/10/30 15:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007/08/24 04:25:14 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/08/24 04:25:14 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2007/07/04 19:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2007/02/21 19:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/10/21 01:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 21:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/03 21:12:43 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/09 17:14:08 | 000,154,632 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2011/11/29 00:58:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/16 13:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/05/15 19:50:00 | 004,135,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/20 10:24:04 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007/04/20 10:24:00 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007/04/20 10:23:56 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007/03/02 02:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/22 08:32:30 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006/10/04 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - File not found [File_System | On_Demand | Stopped] -- system32\drivers\bdfm.sys -- (bdfm)
DRV - [2012/02/24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/02/24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/08/03 15:20:38 | 000,016,128 | ---- | M] (RSJ Software GmbH) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproiah.sys -- (vproiah)
DRV - [2011/06/02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/06/02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/09/17 22:14:16 | 000,341,072 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/09/17 22:14:16 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/09/17 22:14:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/09/17 22:14:16 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/09/17 22:14:16 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2008/12/01 23:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/14 18:54:44 | 000,102,208 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/31 18:43:44 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/07/31 18:43:44 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/06/12 11:08:44 | 000,052,944 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial)
DRV - [2007/06/12 11:08:38 | 000,026,448 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC)
DRV - [2007/05/30 21:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/04/29 02:08:52 | 000,023,552 | ---- | M] (ITE Tech. Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ITEirda.sys -- (ITEIRDA)
DRV - [2007/04/20 00:02:58 | 000,767,664 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/04/05 19:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2007/04/03 11:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 17:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/30 23:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/30 23:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 20:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 20:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 20:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 20:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/03/09 00:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/24 16:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/02/21 19:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/01/26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2007/01/23 06:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/01/23 05:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/12/21 21:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 07:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/03/16 13:34:30 | 000,013,824 | ---- | M] (Silicon Laboratories) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2006/03/16 13:34:30 | 000,013,824 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (INFUNLTD)
DRV - [2005/04/04 15:47:18 | 000,048,096 | ---- | M] (WB Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005/04/04 15:47:14 | 000,015,360 | ---- | M] (WB Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2004/07/26 23:19:36 | 000,091,919 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\SearchScopes,DefaultScope = {8C018EF7-9C9D-4B30-95DE-E5FE80BFAA1E}
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\SearchScopes\{8C018EF7-9C9D-4B30-95DE-E5FE80BFAA1E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-692559058-447278870-831025329-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...ient=firefox-a"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@iahgames.com/prodown: C:\Program Files\IAHgames\Playfast\npiahpd.dll (RSJ Software GmbH)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\dave\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\dave\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\dave\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2012/07/14 12:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/03 10:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/04 09:54:36 | 000,000,000 | ---D | M]

[2010/03/29 00:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dave\Application Data\Mozilla\Extensions
[2012/08/04 09:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\wlu9o4mo.default\extensions
[2012/08/03 10:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/13 19:02:10 | 000,035,840 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Client Gateway 4.1.16 (Enabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\dave\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IAHGames (Enabled) = C:\Program Files\IAHgames\Playfast\npiahpd.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Radialpoint SPD Extension = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/05 20:15:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {507B6C0E-EB65-440A-BA6F-5E7E3988A921} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {507B6C0E-EB65-440A-BA6F-5E7E3988A921} - No CLSID value found.
O3 - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-692559058-447278870-831025329-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Virgin Media Security] C:\Program Files\Virgin Media\Virgin Media Security\10.0.38.58308\RPS.exe (Virgin Media)
O4 - HKU\S-1-5-21-692559058-447278870-831025329-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692559058-447278870-831025329-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-692559058-447278870-831025329-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194722008640 (WUWebControl Class)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.e...3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194727158562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09ED3698-4767-48BB-B90B-F328CAAF4A3D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/24 04:18:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 5

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 13:52:51 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\dave\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/08/06 12:07:54 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dave\Desktop\tdsskiller.exe
[2012/08/06 08:36:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\dave\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 04:48:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/05 12:51:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/04 17:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/04 17:37:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/04 17:37:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/04 17:37:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/04 17:37:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/04 17:36:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 17:35:47 | 004,725,168 | R--- | C] (Swearware) -- C:\Documents and Settings\dave\Desktop\ComboFix.exe
[2012/08/04 16:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/08/04 16:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/08/04 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/08/04 10:06:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\dave\Desktop\aswMBR.exe
[2012/08/04 09:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/04 09:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\RK_Quarantine
[2012/08/04 00:24:57 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2012/08/03 22:21:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Start Menu\Programs\Administrative Tools
[2012/08/03 13:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/03 13:20:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/03 13:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/03 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/08/03 12:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Recent
[2012/08/03 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/16 12:51:42 | 000,341,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2007/11/29 23:54:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\dave\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/07 06:12:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/07 06:00:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 05:54:35 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2012/08/07 05:54:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/07 05:54:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 05:53:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/07 05:53:48 | 1055,178,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 13:54:04 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\ImgBurn.lnk
[2012/08/06 13:52:55 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\dave\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/08/06 13:50:44 | 197,416,960 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\drweb-livecd-600.iso
[2012/08/06 13:25:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-692559058-447278870-831025329-1005UA.job
[2012/08/06 12:25:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-692559058-447278870-831025329-1005Core.job
[2012/08/06 12:07:56 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dave\Desktop\tdsskiller.exe
[2012/08/06 08:41:33 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 08:36:10 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\dave\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 07:18:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/05 20:15:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/05 19:54:06 | 004,725,168 | R--- | M] (Swearware) -- C:\Documents and Settings\dave\Desktop\ComboFix.exe
[2012/08/04 17:39:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/04 10:12:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\MBR.dat
[2012/08/04 10:05:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\dave\Desktop\aswMBR.exe
[2012/08/04 09:28:40 | 001,552,896 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\RogueKiller.exe
[2012/08/04 00:24:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2012/08/03 10:34:31 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/03 10:34:31 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/03 10:01:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/02 12:29:13 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\Google Chrome.lnk
[2012/08/02 12:29:13 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/01 20:53:28 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/24 17:27:21 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SO5.lnk
[2012/07/14 13:00:24 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2012/07/14 12:58:59 | 000,566,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/14 12:58:59 | 000,106,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/13 10:25:59 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/13 10:19:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/08/07 05:53:48 | 1055,178,752 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/06 13:54:04 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\ImgBurn.lnk
[2012/08/06 13:50:44 | 197,416,960 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\drweb-livecd-600.iso
[2012/08/04 17:37:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/04 17:37:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/04 17:37:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/04 17:37:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/04 17:37:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/04 16:47:26 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2012/08/04 10:12:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\MBR.dat
[2012/08/04 09:28:39 | 001,552,896 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\RogueKiller.exe
[2012/08/03 23:38:12 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\gmer.exe
[2012/08/03 13:20:29 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 10:34:31 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/03 10:34:31 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/03 10:34:31 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/14 13:00:24 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2012/05/13 21:51:06 | 000,129,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/26 20:09:10 | 000,207,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-692559058-447278870-831025329-1005-0.dat
[2012/04/26 20:09:03 | 000,207,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/02/15 14:31:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 00:56:28 | 000,047,608 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/26 19:38:43 | 000,481,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2011/08/29 21:12:21 | 000,001,014 | ---- | C] () -- C:\WINDOWS\FOE2.ini
[2011/04/12 14:43:09 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/03/18 01:15:42 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/12/31 17:28:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/10 10:24:52 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\PnkBstrK.sys
[2009/07/11 02:24:59 | 000,000,406 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007/11/29 23:54:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\pcouffin.cat
[2007/11/29 23:54:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\pcouffin.inf
[2007/11/12 00:07:49 | 000,178,688 | ---- | C] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/11 13:29:50 | 000,003,020 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\wklnhst.dat
[2007/11/08 14:50:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\dave\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2007/09/21 13:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2011/09/04 10:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/26 22:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/05/22 16:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010/01/16 23:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/08/31 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/12/27 16:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/09/21 13:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008/05/22 17:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/09 23:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/05/09 23:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2012/08/04 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/05/22 17:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/08/07 05:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2007/11/24 01:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2012/04/24 12:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/04/16 10:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\starters orders 4
[2012/08/03 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2007/11/08 15:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/07/14 12:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2007/12/04 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/02/26 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/22 23:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Bandoo
[2012/05/09 19:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\DAEMON Tools Lite
[2011/11/28 02:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\DAEMON Tools Pro
[2010/12/27 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\GARMIN
[2009/11/02 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\GrabIt
[2009/02/26 18:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\GrabPro
[2011/04/16 10:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\HandBrake
[2009/07/23 23:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Hrsim
[2009/02/22 03:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\ImgBurn
[2007/09/21 13:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Infineon
[2009/11/03 21:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Megaupload
[2008/05/22 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Nokia
[2011/11/22 23:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\nswb
[2012/08/04 00:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Orbit
[2008/05/22 17:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\PC Suite
[2012/01/29 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\PFStaticIP
[2010/07/19 12:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\ProgSense
[2012/08/06 12:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Radialpoint
[2012/04/24 12:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Samsung
[2012/04/20 22:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Sports Interactive
[2008/01/15 00:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Uniblue
[2010/02/22 23:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Unity
[2012/07/13 21:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Virgin Media
[2012/01/30 19:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Vso
[2011/12/24 11:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\{{userdatapath.company}}
[2007/09/21 13:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Infineon
[2007/09/21 13:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Infineon
[2009/12/04 00:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Orbit
[2008/07/25 08:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\PC Suite
[2010/10/29 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Radialpoint
[2011/08/31 17:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Virgin Media
[2012/08/07 05:54:35 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\explorer.exe
[2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\system32\dllcache\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2008/04/14 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\system32\dllcache\svchost.exe
[2008/04/14 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 10:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\system32\dllcache\userinit.exe
[2008/04/14 10:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 10:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\system32\dllcache\winlogon.exe
[2008/04/14 10:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\system32\winlogon.exe

< C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\*.* /s >

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< End of report >

PC is still able to download and access antispyware.
Thanks once again, much appreciated, and I await further instructions :thumbsup:


#32
CompCav

OK, let's redo and complete the ESET scan:

Step 1.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#33
daveki69

Hi mate

Ran ESET as instructed. Thanks for all your help once again, and I will await your instructions after analysis... here is the log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=79d632a9ed288741ac580cb3049b9385
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-06 11:03:16
# local_time=2012-08-06 12:03:16 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1973173 1973173 0 0
# compatibility_mode=2049 16777194 0 5 61310113 61310113 0 0
# compatibility_mode=8192 67108863 100 0 84131479 84131479 0 0
# scanned=149571
# found=3
# cleaned=3
# scan_time=10883
C:\Documents and Settings\dave\Desktop\RK_Quarantine\pmfxfgxt.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\dave\Local Settings\Application Data\hjnlugod\pmfxfgxt.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\dave\Local Settings\Application Data\hjnlugod\_pmfxfgxt_.exe.zip Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=79d632a9ed288741ac580cb3049b9385
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-07 08:57:53
# local_time=2012-08-07 09:57:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2081871 2081871 0 0
# compatibility_mode=2049 16777194 0 5 61418811 61418811 0 0
# compatibility_mode=8192 67108863 100 0 84240177 84240177 0 0
# scanned=301941
# found=13
# cleaned=13
# scan_time=24262
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0250348.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0250868.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251071.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251108.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251308.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251337.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251366.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251549.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0251789.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08052012_121442\C_documents and settings\dave\Local Settings\Application Data\hjnlugod\pmfxfgxt.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08052012_121442\C_documents and settings\dave\Start Menu\Programs\Startup\pmfxfgxt.exe Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
D:\ds games\wbfs_inteligent_gui_v6.rar Win32/Packed.Autoit.E.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
D:\wii backup\wbfs_inteligent_gui_v6.rar Win32/Packed.Autoit.E.Gen application (deleted - quarantined) 00000000000000000000000000000000 C

#34
CompCav

Step 1.

On a clean machine, click here to download Avira Rescue CD. Follow the instructions here to burn a bootable CD.


Step 2.

On the infected machine

Insert Avira, and boot from the Avira CD like you did for Dr. Web; again, follow the instructions from here. I suggest you print out the instructions from the Avira forum. Ignore step 9; we will be doing something different.

Once that's done, reboot your system normally and post the Avira log please.

#35
daveki69

Hi CompCav...

I burned the copy on my sis's computer as requested and followed the instructions... completed the scan, but I'm sorry, I messed up saving the logfile... I thought I had saved it to my computer, but it looks like I tried saving it to the disk directory instead and it obviously didn't save... all I know is it found 15 threats and renamed or removed them... What shall I do now... very sorry :blush: thanks for all your help

#36
CompCav

OK, we will re-run the ESET scan:

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#37
daveki69

daveki69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
hi CompCav

Thanks very much. Ran the ESET scanner, here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=79d632a9ed288741ac580cb3049b9385
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-09 09:22:59
# local_time=2012-08-09 10:22:59 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2255364 2255364 0 0
# compatibility_mode=2049 16777194 0 5 61592304 61592304 0 0
# compatibility_mode=8192 67108863 100 0 84413670 84413670 0 0
# scanned=302399
# found=4
# cleaned=4
# scan_time=25075
C:\Documents and Settings\dave\Local Settings\temp\e3s.exe.vir a variant of Win32/Kryptik.AJQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dave\Local Settings\temp\jar_cache6433526588212520678.tmp.vir a variant of Win32/Kryptik.AJQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0255499.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0255500.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
  • 0
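A triage sketch for the ESET Online Scanner log in the post above, added here as an example and not part of either poster's reply: it parses the `# key=value` header and the detection lines, then reports which detections sat inside the System Restore store. The line layout is inferred from this one log, and the function names are hypothetical.

```python
import re

# Sample input: lines copied from the ESET log in the post above (header abridged).
SAMPLE_LOG = r"""# scanned=302399
# found=4
# cleaned=4
C:\Documents and Settings\dave\Local Settings\temp\e3s.exe.vir a variant of Win32/Kryptik.AJQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dave\Local Settings\temp\jar_cache6433526588212520678.tmp.vir a variant of Win32/Kryptik.AJQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0255499.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{33750580-946D-45FC-8DB4-3873A3E6C412}\RP185\A0255500.exe.vir Win32/Ramnit.AE virus (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Layout inferred from the log above: path, threat, (action), hex field, one-letter flag.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of )?\S+/\S+[^()]*?)\s*"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\w)$")
RESTORE_POINT = re.compile(r"\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def parse_eset_log(text):
    """Return (header, detections, unparsed); lines that fit neither pattern are kept."""
    header, detections, unparsed = {}, [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := HEADER.match(line):
            header.setdefault(m[1], m[2])  # repeated keys (compatibility_mode): keep first
        elif m := DETECTION.match(line):
            d = m.groupdict()
            # "a variant of Win32/Kryptik.AJQS trojan" -> family "Kryptik", kind "trojan"
            d["family"] = re.split(r"[.\s]", d["threat"].split("/", 1)[1])[0]
            d["kind"] = d["threat"].split()[-1]
            rp = RESTORE_POINT.search(d["path"])
            d["restore_point"] = rp.group(1) if rp else None
            detections.append(d)
        else:
            unparsed.append(line)
    return header, detections, unparsed

def triage(header, detections):
    """Summarise what the scan result implies for follow-up."""
    found, cleaned = int(header.get("found", -1)), int(header.get("cleaned", -1))
    return {
        "counts_consistent": found == cleaned == len(detections),
        "families": sorted({d["family"] for d in detections}),
        "kinds": sorted({d["kind"] for d in detections}),
        # Hits inside the System Restore store mean old restore points should be purged.
        "restore_points": sorted({d["restore_point"] for d in detections if d["restore_point"]}),
    }

if __name__ == "__main__":
    hdr, dets, _ = parse_eset_log(SAMPLE_LOG)
    print(triage(hdr, dets))
```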

#38
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
What issues remain with your computer?


CompCav
  • 0

#39
daveki69

daveki69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
hi compcav

Sorry, have been away for a couple of days. My PC seems to be running OK, I've accessed antispyware sites and even logged on to my bank online with no suspicious questions or boxes appearing, does this mean I am clean yet or is there still some things to do. Also the external hard drive and USB stick I used when infected, can you please tell me how to clean them please, they are both vaccinated with Panda vaccine at the mo....thanks once again, all your help is very much appreciated, I will await your reply.
  • 0

#40
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

Also the external hard drive and USB stick I used when infected, can you please tell me how to clean them please,

Plug them in one at a time while holding down the Shift key.

Then select a full scan with your antivirus and make sure you select the drive letter for each one. Then do the same thing with a full scan with Malwarebytes.

Repeat the process for the other drives one at a time as well.
  • 0



#41
daveki69

daveki69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
hi compcav

I completed this process for my USB stick and my external hard drive, think it found 1 threat and deleted it...Do I need to rescan my main PC too and is there anything else I need to do? Thanks once again for all your help
  • 0

#42
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Your logs now appear clean :thumbsup:

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programs we have used plus itself.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#43
daveki69

daveki69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi compcav... I ran OTL as you requested but I think there is a problem with System Restore. I've tried going into System Restore manually and it says System restore is not able to protect ur computer please restart system and try again. I've done this a number of times and just get the same message...here is the log from OTL, have you any idea how to fix this?.... thanks for your help, much appreciated

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINXP

User: dave
->Temp folder emptied: 23032351 bytes
->Temporary Internet Files folder emptied: 1837790 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78165333 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1707 bytes

User: dave.HOME-E0FBB3DEBA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINXP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: lee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 35375 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827586 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33293 bytes
RecycleBin emptied: 2136664 bytes

Total Files Cleaned = 101.00 mb

Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Unable to start System Restore Service. Error code 5. Restore point not created.

OTL by OldTimer - Version 3.2.55.0 log created on 08142012_055415

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_710.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_b00.dat moved successfully.

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_710.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_b00.dat not found!

Registry entries deleted on Reboot...
  • 0
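A check for the OTL fix log in the post above, added here as an example and not part of either poster's reply: it separates the steps that left evidence of success from those that reported failure, so a "Total Files Cleaned" line is not mistaken for a completed fix. It assumes the codes OTL prints are standard Win32 system error codes; the function name is hypothetical.

```python
import re

# Sample input: lines abridged from the OTL fix log in the post above.
SAMPLE_FIX_LOG = """\
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: dave
->Temp folder emptied: 23032351 bytes
->FireFox cache emptied: 78165333 bytes

User: LocalService
->Temp folder emptied: 65748 bytes

Total Files Cleaned = 101.00 mb

Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Unable to start System Restore Service. Error code 5. Restore point not created.
"""

# Assumption: the codes OTL prints are standard Win32 system error codes.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 1722: "RPC_S_SERVER_UNAVAILABLE"}
FAILURE = re.compile(r"^Unable to (?P<step>.+?)\. Error code (?P<code>\d+)\. (?P<effect>.+?)\.?$")
EMPTIED = re.compile(r"^->.+? emptied: (\d+) bytes$")

def check_fix_log(text):
    """Return which cleanup steps left evidence of success and which reported failure."""
    out = {"hosts_reset": False, "bytes_by_user": {}, "failures": []}
    user = None
    for line in (l.strip() for l in text.splitlines()):
        if line == "HOSTS file reset successfully":
            out["hosts_reset"] = True
        elif line.startswith("User: "):
            user = line[len("User: "):]
            out["bytes_by_user"][user] = 0
        elif user and (m := EMPTIED.match(line)):
            out["bytes_by_user"][user] += int(m[1])
        elif (m := FAILURE.match(line)):
            code = int(m["code"])
            out["failures"].append({"step": m["step"], "code": code,
                                    "name": WIN32_ERRORS.get(code, "unknown"),
                                    "effect": m["effect"]})
    # A reported total does not mean every command ran: the restore-point purge is separate.
    out["restore_purge_failed"] = any("not cleared" in f["effect"] for f in out["failures"])
    return out

if __name__ == "__main__":
    print(check_fix_log(SAMPLE_FIX_LOG))
```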

#44
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:

  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Please update me after completing these steps.
  • 0

#45
daveki69

daveki69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
hi compcav

I cannot do step 1 because when I select System Restore it just says system restore cannot protect ur system restart machine and try again ....I do this and still get the same message...shall I try step 2 or not?

thanks
  • 0





