Need Help Removing Win32/Alureon.G [Solved]


  • This topic is locked

#61
hammerman

Hi,

Apart from the MBAM crash in Normal mode, are you having any other problems?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


  • Run OTL
  • Click on the None button
  • Under Extra Registry select Use Safelist
  • Click on the Run Scan button
  • The Extras.txt file should appear on your desktop. Please post this in your reply.



#62
K1500

  • Topic Starter

Nope, no other problems at all that I can think of.



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:09 on 29/04/2010 by Graham (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"BootDir"="C:\"
"CDInstall"= 0000000000 (0)
"DriverCachePath"="%SystemRoot%\Driver Cache"
"Installation Sources"="D: C:\I386\CMPNENTS\MEDIACTR\I386 C:\DOCUMENTS AND SETTINGS\GRAHAM\MY DOCUMENTS\RAZR MODS\P2KMAN\DRV C:"
"LogLevel"= 0000000000 (0)
"PrivateHash"=ca e4 8a 15 13 2f 56 3d 96 80 c2 28 f8 44 d9 30 (REG_BINARY)
"ServicePackCachePath"="c:\windows\ServicePackFiles\ServicePackCache"
"ServicePackSourcePath"="c:\windows\ServicePackFiles"
"SourcePath"="C:\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures]


-=End Of File=-



OTL Extras logfile created on: 4/29/2010 5:10:44 PM - Run 8
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 10.32 Gb Free Space | 14.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 423.68 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3689:TCP" = 3689:TCP:*:Enabled:iPhone 3G Remote
"5353:TCP" = 5353:TCP:*:Enabled:iPhone 3G Remote
"8889:TCP" = 8889:TCP:*:Enabled:iPhone

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1130467576\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1130467576\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\WINDOWS\kdx\khost.exe" = C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Terminal Reality\4x4 Evo2\4x42.exe" = C:\Program Files\Terminal Reality\4x4 Evo2\4x42.exe:*:Enabled:4x4 EVO 2™ -- (Terminal Reality Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Motorola\RSD Lite\SDL.exe" = C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL -- (Motorola)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Live for Speed S2\LFS.exe" = C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"F:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE" = F:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE:*:Enabled:UPDATE -- ()
"C:\Program Files\AOL 9.6\waol.exe" = C:\Program Files\AOL 9.6\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r320)
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0E9804E3-1D94-4D4A-A17D-19777FEF049D}" = Weather Add-in for Windows Live Toolbar
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{10573F8D-B06E-4323-ADB1-004A99E83C01}" = Sonic Foundry Super Duper Music Looper
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.1.0.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{21289AE2-24FE-11D5-8F73-0050DA0F6297}" = The Sims Menu Editor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36592557-65CE-4A4D-9970-764F17E0AFD3}" = MSI v2 to redistribute Rigs of Rods
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595A6662-6158-11D4-8F73-0050DA0F6297}" = The Sims Art Studio
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6164D2E7-986B-42F5-B3A6-64D5E53FB889}" = Delta Force Black Hawk Down Team Sabre
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{637099FB-45FD-4BC7-9651-6FB540DBB749}" = Roxio Backup MyPC
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{661F66A1-D045-47EE-87FE-380C9DADEF00}" = ATI MCE Control Panel
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{676C529F-B340-4878-B7F3-67A9937F455B}" = DataPlus Professional
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{720DCEC1-BD81-4AC8-ADE5-D408EC730E38}" = RSDLite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{9cfd9ec7-a9c7-4980-a1c6-054fc6493eb3}" = Python 2.7b1
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DD7BA6-37A6-4245-A167-B3AA137B2157}" = TitanTV Client components for ATI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A99573E8-AC6A-419F-928A-E7D169F4A12A}" = Microsoft Train Simulator gmax Sample Loco
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = NEF Codec
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D416059B-C21B-4405-ACC0-010C481E0FDA}" = MoTeC i2 Pro
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D6D4828F-A5B2-11D4-8F73-0050DA0F6297}" = The Sims File Cop
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F62D99F9-FD4A-4F5B-AB33-68EFDCDC18F3}" = MSI to redistribute Rigs of Rods
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"4x4 Evo2" = 4x4 Evo2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"Bus Driver" = Bus Driver 1.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Device Control" = Device Control
"Dirt Track Racing" = Dirt Track Racing
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EAXSet" = Creative EAX Settings
"EFILive V7.5" = EFILive V7.5
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"EngMod 2.0" = EngMod 2.0
"FaceLift" = FaceLift
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"getPlus®_dll" = getPlus®_dll
"Google Video Uploader" = Google Video Uploader
"Graphviz" = Graphviz
"HD Tune Pro_is1" = HD Tune Pro 3.50
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"Internet Keyboard Pro # KB535BL" = Internet Keyboard Pro # KB535BL
"iTSfv_is1" = iTSfv 5.61.2.1
"LeaderGL FlexEditor" = LeaderGL FlexEditor 10.4 XP
"LimeWire" = LimeWire PRO 5.4.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max Media Creator_is1" = Max Media Creator
"MaxDrive PS2" = MaxDrive PS2
"Media Jukebox 8.0" = Media Jukebox 8.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mod Aston Martin DBR9" = Mod Aston Martin DBR9 v1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner 3.32
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photags Music Express" = iConcepts Music Express
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Porsche Carrera Cup 2006 v1.1 - by GRF" = Porsche Carrera Cup 2006 v1.1 - by GRF
"PROSet" = Intel® PRO Network Connections Drivers
"R8 Gordini Graphic Update" = R8 Gordini Graphic Update
"Rigs of Rods" = Rigs of Rods 0.36.2
"Rigs of Rods Toolkit" = Rigs of Rods Toolkit 0.34-rc3
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Shockwave" = Shockwave
"SideWinder Precision 2" = SideWinder Precision 2
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SPEAKER" = Creative Speaker Settings
"ST5UNST #1" = MoTeC Interpreter
"SystemRequirementsLab" = System Requirements Lab
"Train Simulator 1.0" = Microsoft Train Simulator
"Trials - Mountain Heights" = Trials - Mountain Heights (remove only)
"Trials Construction Yard" = Trials Construction Yard (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WhoCrashed_is1" = WhoCrashed 2.10
"WIC" = Windows Imaging Component
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"kdx_aolhqvprod" = AOL Hi-Q Video
"mpowerplayer" = mpowerplayer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 7:08:45 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 7:08:45 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 8:29:21 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 8:29:21 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 8:29:21 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 8:29:21 AM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 6:09:46 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 6:09:46 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 6:09:46 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/29/2010 6:09:46 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 9/16/2007 5:40:38 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2007 5:45:14 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 251
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/16/2007 5:47:04 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2007 7:37:05 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6573
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/17/2007 1:47:08 AM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13175
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/17/2007 6:07:36 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 155
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/3/2008 4:51:46 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2008 4:29:14 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/21/2008 1:07:56 AM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/22/2009 9:46:09 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 89
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/25/2010 4:10:39 AM | Computer Name = XPS400 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.331.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5703.0 Error code: 0x80248011 Error
description: An unexpected problem occurred while checking for updates. For information
on installing or troubleshooting updates, see Help and Support.

Error - 4/25/2010 1:26:04 PM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.

Error - 4/25/2010 1:27:08 PM | Computer Name = XPS400 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PDEngine service to connect.

Error - 4/25/2010 1:27:08 PM | Computer Name = XPS400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service PDEngine with
arguments "-Service" in order to run the server: {22DAA0A2-0E27-4CC4-9588-EEEE76358306}

Error - 4/25/2010 1:27:08 PM | Computer Name = XPS400 | Source = Service Control Manager | ID = 7000
Description = The PDEngine service failed to start due to the following error: %%1053

Error - 4/25/2010 9:56:58 PM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.

Error - 4/27/2010 2:05:43 AM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.

Error - 4/27/2010 7:16:43 AM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.

Error - 4/27/2010 9:37:17 PM | Computer Name = XPS400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/28/2010 3:34:17 AM | Computer Name = XPS400 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

#63
hammerman

Hi,

Can you run the System File Checker?

From the Start menu, select Run...
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Meanwhile, I'll get some second opinions.

#64
K1500

Ummm...done, but my resolution is now reset to 640x480 with 8 bit color and it won't change when I increase the settings.

Edit: Make that 4 bit color.

Edited by K1500, 30 April 2010 - 05:38 PM.


#65
K1500

Never mind, I reinstalled the latest drivers from ATI and that fixed it. Sorry for the panic attack. :)

Edited by K1500, 30 April 2010 - 06:17 PM.


#66
hammerman

Hi,

Please follow these steps.

-- Step 1 --

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

-- Step 2 --

Please go HERE and download FileLister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • When the program is finished it will produce a log for you C:\Files.txt
  • Which will be located in the default location from which FileLister was run (the FileLister folder)
Copy and paste the contents of that log in your reply.

-- Step 3 --

You must first verify that you can logon to the Windows Recovery Console. Once you have verified you can logon to the Recovery Console, reboot to Normal mode.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat


You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

#67
K1500

ComboFix 10-05-01.01 - Graham 05/01/2010 13:02:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2988 [GMT -5:00]
Running from: c:\documents and settings\Graham\Desktop\Alureon.G\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate
c:\windows\system32\Data
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-28 22:26 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-28 22:26 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-28 22:26 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-04-28 22:26 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-04-28 22:26 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-04-28 22:25 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-04-28 22:25 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-04-28 22:25 . 2004-08-04 03:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-04-28 22:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-28 22:25 . 2004-08-04 03:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-04-28 22:25 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-28 22:25 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-04-28 22:25 . 2004-08-04 03:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-04-28 22:25 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-04-28 22:25 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-04-28 22:23 . 2001-08-17 18:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2010-04-28 22:22 . 2001-08-18 03:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-04-28 22:21 . 2001-08-17 17:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-04-28 22:20 . 2001-08-17 17:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-04-28 22:19 . 2001-08-18 03:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-04-28 22:18 . 2001-08-17 17:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-04-28 22:17 . 2001-08-17 17:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-04-28 22:16 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-04-28 22:15 . 2001-08-17 17:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-04-28 22:14 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-04-28 22:13 . 2001-08-17 17:11 30282 ----a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-04-28 22:12 . 2001-08-17 17:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-04-28 22:11 . 2001-08-17 17:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-04-28 22:10 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-28 22:10 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-04-28 22:10 . 2001-08-17 18:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-04-28 22:10 . 2001-08-17 19:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-04-28 22:10 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-04-28 22:10 . 2004-08-10 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-04-28 22:10 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-04-28 22:10 . 2001-08-17 18:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-04-28 22:10 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-04-28 22:10 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-04-28 22:08 . 2004-08-04 03:41 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-04-28 22:07 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-28 22:06 . 2001-08-18 03:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-04-28 22:05 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-04-28 22:04 . 2001-08-18 03:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-04-28 22:03 . 2001-08-17 17:15 455296 ----a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-04-28 22:02 . 2001-08-17 18:28 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2010-04-28 22:01 . 2001-08-17 17:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2010-04-28 22:00 . 2001-08-18 03:36 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll
2010-04-28 21:59 . 2004-08-10 10:00 18944 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2010-04-28 21:58 . 2004-08-10 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-04-28 21:57 . 2001-08-17 17:11 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2010-04-28 21:56 . 2001-08-17 17:19 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys
2010-04-28 21:55 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-04-28 21:03 . 2010-04-28 21:03 -------- d-----w- c:\documents and settings\Graham\AdobeLicensingFilesBackup
2010-04-28 06:04 . 2010-04-28 06:04 -------- d-----w- c:\program files\BitTorrent
2010-04-28 05:33 . 2010-03-26 15:33 1496064 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-28 05:33 . 2010-03-26 15:33 43008 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-28 05:33 . 2010-03-26 15:33 339456 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-28 05:33 . 2010-03-26 15:32 346112 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-28 02:04 . 2010-04-28 02:05 -------- d-----w- c:\program files\iTunes
2010-04-28 01:58 . 2010-04-28 01:58 -------- d-----w- c:\program files\Bonjour
2010-04-28 01:56 . 2010-04-28 01:56 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-24 07:40 . 2010-04-24 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-04-20 23:40 . 2010-04-20 23:40 3584 ----a-r- c:\documents and settings\Graham\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-20 23:40 . 2010-04-20 23:40 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-19 21:24 . 2010-04-19 21:24 84480 ----a-w- c:\documents and settings\Graham\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-18 17:54 . 2010-04-27 12:31 -------- d-----w- c:\documents and settings\Graham\Application Data\GHISLER
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\UC.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\RAR.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\LHA.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\ARJ.PIF
2010-04-18 17:46 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-18 17:46 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-18 17:46 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-18 17:46 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-16 01:02 . 2010-04-16 01:14 -------- d-----w- c:\program files\NirSoft
2010-04-13 22:52 . 2010-04-13 22:52 -------- d-----w- C:\Python31
2010-04-13 22:49 . 2010-04-13 22:49 -------- d-----w- C:\Python27
2010-04-13 20:44 . 2010-04-07 20:28 253952 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
2010-04-12 20:33 . 2010-04-12 20:33 -------- d-----w- c:\program files\WhoCrashed
2010-04-12 18:26 . 2010-04-12 18:26 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-04-12 05:13 . 2010-03-29 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 05:13 . 2010-03-29 20:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 07:11 . 2010-04-12 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 03:44 . 2010-04-11 03:44 2291200 ----a-w- c:\windows\system32\python27.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-02 05:18 . 2010-04-02 05:12 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-02 05:18 . 2010-04-02 05:11 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-02 05:18 . 2009-09-01 11:38 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-02 05:18 . 2009-09-01 11:37 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-02 05:18 . 2010-04-02 05:18 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 57677 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 05:12 . 2010-04-02 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-01 21:25 . 2010-04-01 21:25 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 17:58 . 2010-03-29 01:09 -------- d-----w- c:\program files\PeerBlock
2010-05-01 04:10 . 2005-10-26 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 04:08 . 2005-10-26 19:00 -------- d-----w- c:\program files\Creative
2010-05-01 04:07 . 2007-11-18 06:48 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-01 04:07 . 2005-10-26 19:01 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-01 03:55 . 2007-10-13 04:23 -------- d-----w- c:\program files\Live for Speed S2 Modified
2010-04-30 03:28 . 2007-05-15 04:13 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-29 12:34 . 2005-11-01 03:26 37274 ----a-w- c:\documents and settings\Graham\Application Data\wklnhst.dat
2010-04-28 21:03 . 2006-12-28 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-28 02:04 . 2006-11-17 23:04 -------- d-----w- c:\program files\iPod
2010-04-28 02:04 . 2007-06-30 20:12 -------- d-----w- c:\program files\Common Files\Apple
2010-04-24 02:47 . 2006-12-06 22:51 -------- d-----w- c:\documents and settings\Graham\Application Data\BitTorrent
2010-04-23 06:49 . 2005-10-26 19:00 -------- d-----w- c:\program files\ATI Technologies
2010-04-21 02:07 . 2007-01-02 03:15 -------- d-----w- c:\documents and settings\Graham\Application Data\DivX
2010-04-20 23:40 . 2009-11-13 01:23 -------- d-----w- c:\program files\MSECACHE
2010-04-19 21:25 . 2009-10-15 22:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-19 21:24 . 2009-10-15 22:22 -------- d-----w- c:\documents and settings\Graham\Application Data\SystemRequirementsLab
2010-04-18 14:55 . 2005-11-10 03:15 -------- d-----w- c:\program files\NovaLogic
2010-04-13 20:53 . 2007-03-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-02 05:18 . 2007-01-02 02:54 -------- d-----w- c:\program files\DivX
2010-04-02 05:15 . 2009-09-01 11:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-31 03:00 . 2010-03-31 03:00 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 02:59 . 2008-11-22 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 23:30 . 2010-03-30 23:30 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-03-30 23:30 . 2007-01-15 01:33 3494576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-30 23:29 . 2010-03-30 23:29 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-30 22:37 . 2010-03-30 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-30 22:33 . 2006-01-27 03:53 -------- d-----w- c:\program files\QuickTime
2010-03-30 07:28 . 2010-03-06 20:19 -------- d-----w- c:\program files\CCleaner
2010-03-29 01:33 . 2010-03-29 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-29 01:32 . 2006-03-03 02:43 -------- d-----w- c:\program files\Google
2010-03-29 01:09 . 2008-10-25 22:44 -------- d-----w- c:\program files\PeerGuardian2
2010-03-27 17:57 . 2007-10-08 23:36 -------- d-----w- c:\program files\Live for Speed S2
2010-03-21 05:43 . 2010-03-21 05:43 2137600 ----a-w- c:\windows\system32\python31.dll
2010-03-10 05:07 . 2009-10-22 23:57 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 00:27 . 2010-03-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-03-10 00:27 . 2010-01-27 02:58 -------- d-----w- c:\program files\Raxco
2010-03-09 11:09 . 2004-08-19 20:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43 . 2004-08-19 20:49 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 15:16 . 2009-10-03 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2005-10-26 18:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2004-08-19 20:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-19 20:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 20:49 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 07:38 . 2010-04-30 23:37 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-04-30 23:37 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-04-30 23:37 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2007-03-15 01:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-04-30 23:37 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:45 . 2007-07-28 03:30 325120 ----a-w- c:\windows\system32\ati2dvag.dll.tmp
2010-02-11 04:37 . 2007-09-29 02:47 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-04-30 23:37 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-04-30 23:37 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-04-30 23:37 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-04-30 23:37 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-04-30 23:37 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-04-30 23:37 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-04-30 23:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-04-30 23:37 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:25 . 2005-10-26 18:35 3818144 ----a-w- c:\windows\system32\ati3duag.dll.tmp
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-04-30 23:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-04-30 23:37 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2005-10-26 18:35 2670592 ----a-w- c:\windows\system32\ativvaxx.dll.tmp
2010-02-11 04:12 . 2007-09-29 02:36 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2007-09-29 02:36 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-04-30 23:37 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-04-30 23:37 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-04-30 23:37 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-11 03:47 . 2005-10-26 18:35 626688 ----a-w- c:\windows\system32\ati2cqag.dll.tmp
2010-02-11 02:20 . 2007-11-14 05:12 593920 ------w- c:\windows\system32\ati2sgag.exe
2008-03-29 20:18 . 2005-10-28 04:27 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"P17Helper"="P17.dll" [2005-05-04 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-9-22 270336]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-26 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 08:57 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 09:02 904840 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1130467576\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 04:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 08:55 1326080 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"WUSB54GCSVC"=3 (0x3)
"wlidsvc"=2 (0x2)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"BcmSqlStartupSvc"=2 (0x2)
"AOL ACS"=3 (0x3)
"AcrSch2Svc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aim6.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Terminal Reality\\4x4 Evo2\\4x42.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Live for Speed S2\\LFS.exe"=
"c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"= c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"f:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\AOL 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3689:TCP"= 3689:TCP:iPhone 3G Remote
"5353:TCP"= 5353:TCP:iPhone 3G Remote
"8889:TCP"= 8889:TCP:iPhone

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 10:11 AM 35328]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/21/2007 8:45 PM 682232]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 cpuz126;cpuz126;\??\c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:45 AM 10664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/12/2010 12:13 AM 38224]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys [4/10/2010 6:27 PM 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2007-04-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2010-04-30 c:\windows\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 64.34.161.90:80
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\J River\Media Jukebox\DMDownload.htm
Trusted Zone: musicmatch.com\online
TCP: {2F69DF63-90DE-4818-A569-A6BCFA5464FD} = 24.177.176.38,24.197.160.18
FF - ProfilePath - c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.ftp - 64.90.179.108
FF - prefs.js: network.proxy.gopher - 64.90.179.108
FF - prefs.js: network.proxy.socks - 64.90.179.108
FF - prefs.js: network.proxy.ssl - 64.90.179.108
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-855771979-2752217130-3050068086-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1292)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-05-01 13:14:14
ComboFix-quarantined-files.txt 2010-05-01 18:14
ComboFix2.txt 2010-04-02 11:36
ComboFix3.txt 2010-04-01 22:07

Pre-Run: 11,234,562,048 bytes free
Post-Run: 11,481,518,080 bytes free

- - End Of File - - B68DB688B07002175661E4F693EC9814




+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 5/1/2010 1:21:10 PM

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe

====== BHO's ======
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[XboxStat] = "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
[MSSE] = "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
[IntelliPoint] = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
[IAAnotif] = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
[ATIPTA] = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[P17Helper] = Rundll32 P17.dll,P17Helper

====== HKCU\~\Run Keys ======

[PeerBlock] = C:\Program Files\PeerBlock\peerblock.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{2F69DF63-90DE-4818-A569-A6BCFA5464FD}\ NameServer= 24.177.176.38,24.197.160.18

NV Hostname = XPS400
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = XPS400
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
TcpMaxDataRetransmissions = 5

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

4/1/2010 4:44:49 PM 8140197 C:\cmdcons
4/1/2010 4:44:55 PM 860672 C:\cmdcons\SYSTEM32
5/1/2010 12:58:45 PM 467056 C:\ComboFix
4/13/2010 5:49:14 PM 43835625 C:\Python27
4/13/2010 5:49:33 PM 6161564 C:\Python27\DLLs
4/13/2010 5:49:43 PM 5661447 C:\Python27\Doc
4/13/2010 5:49:34 PM 447234 C:\Python27\include
4/13/2010 5:49:15 PM 22637232 C:\Python27\Lib
4/13/2010 5:49:33 PM 317852 C:\Python27\Lib\bsddb
4/13/2010 5:49:33 PM 234082 C:\Python27\Lib\bsddb\test
4/13/2010 5:49:33 PM 193782 C:\Python27\Lib\compiler
4/13/2010 5:49:32 PM 255862 C:\Python27\Lib\ctypes
4/13/2010 5:49:33 PM 10478 C:\Python27\Lib\ctypes\macholib
4/13/2010 5:49:32 PM 210530 C:\Python27\Lib\ctypes\test
4/13/2010 5:49:32 PM 19843 C:\Python27\Lib\curses
4/13/2010 5:49:31 PM 1445648 C:\Python27\Lib\distutils
4/13/2010 5:49:31 PM 866932 C:\Python27\Lib\distutils\command
4/13/2010 5:49:31 PM 173015 C:\Python27\Lib\distutils\tests

====== "\Administrator & All Users\Startup" Last 60 Days======


4/28/2010 4:54:49 PM 1741 32 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
4/28/2010 4:54:49 PM 493 32 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
4/28/2010 4:54:49 PM 1787 32 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

====== "\Program Files" Last 60 Days======

4/28/2010 1:04:42 AM 1111409 C:\Program Files\BitTorrent
4/27/2010 8:58:30 PM 599827 C:\Program Files\Bonjour
3/6/2010 3:19:24 PM 2812120 C:\Program Files\CCleaner
4/27/2010 9:04:01 PM 126470055 C:\Program Files\iTunes
4/11/2010 2:11:59 AM 3947668 C:\Program Files\Malwarebytes' Anti-Malware
4/15/2010 8:02:21 PM 0 C:\Program Files\NirSoft
3/28/2010 8:09:07 PM 30668956 C:\Program Files\PeerBlock
4/12/2010 3:33:43 PM 2155705 C:\Program Files\WhoCrashed
4/20/2010 6:40:20 PM 142742 C:\Program Files\Windows Installer Clean Up

======"Drivers" Modified Last 60 Days======

4/12/2010 12:13:53 AM 20824 32 C:\WINDOWS\system32\drivers\mbam.sys
4/12/2010 12:13:56 AM 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

0 Files deleted

======"All Users\Application Data" Last 60 Days======

4/24/2010 2:40:13 AM 188 C:\Documents and Settings\All Users\Application Data\ATI
4/24/2010 2:40:13 AM 188 C:\Documents and Settings\All Users\Application Data\ATI\ACE
4/2/2010 12:12:05 AM 4090359 C:\Documents and Settings\All Users\Application Data\DivX
4/2/2010 12:15:13 AM 56969 C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder
4/2/2010 12:16:57 AM 57409 C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel
4/2/2010 12:17:13 AM 54128 C:\Documents and Settings\All Users\Application Data\DivX\Converter
4/2/2010 12:17:15 AM 54153 C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin
4/2/2010 12:18:37 AM 1058400 C:\Documents and Settings\All Users\Application Data\DivX\DivX7
4/2/2010 12:18:37 AM 529200 C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter
4/2/2010 12:18:37 AM 529200 C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters
4/2/2010 12:17:19 AM 56458 C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut
4/2/2010 12:18:34 AM 56766 C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts
4/2/2010 12:17:18 AM 54174 C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder
4/2/2010 12:17:22 AM 57532 C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder
4/2/2010 12:17:25 AM 54166 C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder
4/2/2010 12:17:26 AM 57054 C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents
4/2/2010 12:17:00 AM 54101 C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin
4/2/2010 12:16:55 AM 52963 C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist
4/2/2010 12:18:16 AM 57677 C:\Documents and Settings\All Users\Application Data\DivX\Player
4/2/2010 12:15:25 AM 54073 C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5
4/2/2010 12:12:05 AM 2005094 C:\Documents and Settings\All Users\Application Data\DivX\Setup
4/2/2010 12:12:14 AM 73637 C:\Documents and Settings\All Users\Application Data\DivX\Setup\DefaultBanner
4/2/2010 12:12:16 AM 21000 C:\Documents and Settings\All Users\Application Data\DivX\Setup\EULAs
4/2/2010 12:12:16 AM 21000 C:\Documents and Settings\All Users\Application Data\DivX\Setup\EULAs\consumer
4/2/2010 12:17:10 AM 54629 C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine
4/2/2010 12:17:35 AM 84035 C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard
4/2/2010 12:18:18 AM 53600 C:\Documents and Settings\All Users\Application Data\DivX\Update
4/2/2010 12:18:28 AM 56978 C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer
3/9/2010 7:27:56 PM 2704210 C:\Documents and Settings\All Users\Application Data\Raxco
3/9/2010 7:27:56 PM 2704210 C:\Documents and Settings\All Users\Application Data\Raxco\PerfectDisk
3/9/2010 7:27:56 PM 2704210 C:\Documents and Settings\All Users\Application Data\Raxco\PerfectDisk\11.0
3/30/2010 5:36:41 PM 541387 C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
3/30/2010 5:37:54 PM 541387 C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86
4/27/2010 9:05:03 PM 133968 C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86

====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKLM\Software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTSysVol
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DMXLauncher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ehTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HostManager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\P17Helper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\StartCCC
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
HKLM\Software\microsoft\shared tools\msconfig\startupreg\UpdReg

====== Services ( Services that are Whitelisted are not shown) ======

adfs (adfs)- C:\WINDOWS\system32\drivers\adfs.sys - Auto/Running
bvrp_pci (bvrp_pci)- - Manual/Stopped
cpudrv (cpudrv)- \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys - Manual/Stopped
cpuz126 (cpuz126)- \??\C:\DOCUME~1\Graham\LOCALS~1\Temp\cpuz.sys - Manual/Stopped
ctsfm2k (Creative SoundFont Management Device Driver)- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys - Manual/Running
DLABOIOM (DLABOIOM)- C:\WINDOWS\system32\DLA\DLABOIOM.SYS - Auto/Running
DLACDBHM (DLACDBHM)- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResN (DLADResN)- C:\WINDOWS\system32\DLA\DLADResN.SYS - Auto/Running
DLAIFS_M (DLAIFS_M)- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - Auto/Running
DLAOPIOM (DLAOPIOM)- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - Auto/Running
DLAPoolM (DLAPoolM)- C:\WINDOWS\system32\DLA\DLAPoolM.SYS - Auto/Running
DLARTL_N (DLARTL_N)- C:\WINDOWS\system32\Drivers\DLARTL_N.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - Auto/Running
DLAUDF_M (DLAUDF_M)- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - Auto/Running
drvmcdb (drvmcdb)- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS - Auto/Running
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel® PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
e1express (Intel® PRO/1000 PCI Express Network Connection Driver)- C:\WINDOWS\system32\DRIVERS\e1e5132.sys - Manual/Running
GcKernel (Microsoft SideWinder Value Add - Filter Driver)- C:\WINDOWS\system32\DRIVERS\GcKernel.sys - Manual/Stopped
GTNDIS5 (GTNDIS5 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\GTNDIS5.SYS - Manual/Stopped
hamachi_oem (PlayLinc Adapter)- C:\WINDOWS\system32\DRIVERS\gan_adapter.sys - Manual/Stopped
HIDSwvd (Microsoft SideWinder Virtual HID Device Mini-Driver)- C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys - Manual/Stopped
iastor (Intel AHCI Controller)- C:\WINDOWS\system32\drivers\iastor.sys - Boot/Running
MBAMSwissArmy (MBAMSwissArmy)- \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys - Manual/Stopped
MHNDRV (MHN driver)- C:\WINDOWS\system32\DRIVERS\mhndrv.sys - Manual/Stopped
motmodem (Motorola USB CDC ACM Driver)- C:\WINDOWS\system32\DRIVERS\motmodem.sys - Manual/Stopped
MpFilter (Microsoft Malware Protection Driver)- C:\WINDOWS\system32\DRIVERS\MpFilter.sys - System/Running
ndiscm (Motorola SURFboard USB Cable Modem Windows Driver)- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys - Manual/Stopped
ossrv (Creative OS Services Driver)- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys - Manual/Running
P2k (Motorola USB Device)- C:\WINDOWS\system32\DRIVERS\P2k.sys - Manual/Stopped
RT73 (Linksys Home Wireless-G USB Adapter Driver)- C:\WINDOWS\system32\DRIVERS\rt73.sys - Manual/Running
sfdrv01 (StarForce Protection Environment Driver (version 1.x))- C:\WINDOWS\system32\drivers\sfdrv01.sys - Boot/Running
sfhlp02 (StarForce Protection Helper Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfhlp02.sys - Boot/Running
sfsync02 (StarForce Protection Synchronization Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfsync02.sys - Boot/Running
sfsync03 (StarForce Protection Synchronization Driver (version 3.x))- C:\WINDOWS\system32\drivers\sfsync03.sys - Boot/Running
sfvfs02 (StarForce Protection VFS Driver (version 2.x))- C:\WINDOWS\system32\drivers\sfvfs02.sys - Boot/Running
snapman (Acronis Snapshots Manager)- C:\WINDOWS\system32\DRIVERS\snapman.sys - Boot/Running
SysProtDrv.sys (SysProtDrv.sys)- \??\C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys - Manual/Stopped
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\WINDOWS\system32\DRIVERS\tcpip6.sys - System/Running
tdrpman (Acronis Try&Decide and Restore Points filter)- C:\WINDOWS\system32\DRIVERS\tdrpman.sys - Boot/Running
TIEHDUSB (TIEHDUSB)- C:\WINDOWS\system32\drivers\tiehdusb.sys - Manual/Stopped
tifsfilter (Acronis True Image FS Filter)- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys - Auto/Running
timounter (Acronis True Image Backup Archive Explorer)- C:\WINDOWS\system32\DRIVERS\timntr.sys - Boot/Running
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\WINDOWS\system32\DRIVERS\tunmp.sys - Manual/Running
TVICHW32 (TVICHW32)- \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbser (Motorola USB Modem Driver)- C:\WINDOWS\system32\DRIVERS\usbser.sys - Manual/Stopped
USB_RNDIS (USB Remote NDIS Network Device Driver)- C:\WINDOWS\system32\DRIVERS\usb8023.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Running
Wdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Running
xusb21 (Xbox 360 Wireless Receiver Driver Service 21)- C:\WINDOWS\system32\DRIVERS\xusb21.sys - Manual/Running

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 3756 MB

Boot Info

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

OS Type: Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==



I am unable to logon to the Recovery Console, I get the error 0x0000007B, as pictured below:

Posted Image

#68
hammerman

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys

Folder::

Registry::

Driver::
cpuz126


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please try running another MBAM scan.

#69
hammerman

Hi,

Please ignore the instructions in my last post. The errors you are getting point to a problem with your file system or hard drive. I suggest you back up all the data on your system and then reformat and reinstall. You will find an excellent guide here that will help you. Please let me know if you need any assistance.

#70
K1500

Well, I'm not sure if I want to go that far! Plus, I don't think I have everything I'd need to reinstall everything. I think I'll just have to relegate to running MBAM in safe mode on occasion. :) Thank you so much for the endless assistance in trying to get to the bottom of the problem! :)


#71
hammerman

OK - I understand. I do recommend though that you back up your data.

Can you do the step in post #68, and then we'll have a tidy up?

#72
K1500

ComboFix 10-05-03.05 - Graham 05/04/2010 7:17.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2909 [GMT -5:00]
Running from: c:\documents and settings\Graham\Desktop\Alureon.G\ComboFix.exe
Command switches used :: c:\documents and settings\Graham\Desktop\Alureon.G\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ126
-------\Service_cpuz126


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-03 22:29 . 2010-05-03 22:29 -------- d-----w- c:\program files\SimBin
2010-05-03 21:26 . 2010-05-03 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro
2010-05-03 21:26 . 2010-05-03 21:26 -------- d-----w- c:\documents and settings\Graham\Application Data\X-Setup Pro
2010-04-28 22:26 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-28 22:26 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-28 22:26 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-04-28 22:26 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-04-28 22:26 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-04-28 22:25 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-04-28 22:25 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-04-28 22:25 . 2004-08-04 03:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-04-28 22:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-28 22:25 . 2004-08-04 03:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-04-28 22:25 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-28 22:25 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-04-28 22:25 . 2004-08-04 03:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-04-28 22:25 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-04-28 22:25 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-04-28 22:23 . 2001-08-17 18:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2010-04-28 22:22 . 2001-08-18 03:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-04-28 22:21 . 2001-08-17 17:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-04-28 22:20 . 2001-08-17 17:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-04-28 22:19 . 2001-08-18 03:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-04-28 22:18 . 2001-08-17 17:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-04-28 22:17 . 2001-08-17 17:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-04-28 22:16 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-04-28 22:15 . 2001-08-17 17:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-04-28 22:14 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-04-28 22:13 . 2001-08-17 17:11 30282 ----a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-04-28 22:12 . 2001-08-17 17:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-04-28 22:11 . 2001-08-17 17:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-04-28 22:10 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-28 22:10 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-04-28 22:10 . 2001-08-17 18:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-04-28 22:10 . 2001-08-17 19:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-04-28 22:10 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-04-28 22:10 . 2004-08-10 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-04-28 22:10 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-04-28 22:10 . 2001-08-17 18:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-04-28 22:10 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-04-28 22:10 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-04-28 22:08 . 2004-08-04 03:41 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-04-28 22:07 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-28 22:06 . 2001-08-18 03:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-04-28 22:05 . 2001-08-17 18:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-04-28 22:04 . 2001-08-18 03:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-04-28 22:03 . 2001-08-17 17:15 455296 ----a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-04-28 22:02 . 2001-08-17 18:28 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2010-04-28 22:01 . 2001-08-17 17:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2010-04-28 22:00 . 2001-08-18 03:36 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll
2010-04-28 21:59 . 2004-08-10 10:00 18944 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2010-04-28 21:58 . 2004-08-10 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-04-28 21:57 . 2001-08-17 17:11 54271 ----a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2010-04-28 21:56 . 2001-08-17 17:19 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys
2010-04-28 21:55 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-04-28 21:03 . 2010-04-28 21:03 -------- d-----w- c:\documents and settings\Graham\AdobeLicensingFilesBackup
2010-04-28 06:04 . 2010-04-28 06:04 -------- d-----w- c:\program files\BitTorrent
2010-04-28 02:04 . 2010-04-28 02:05 -------- d-----w- c:\program files\iTunes
2010-04-28 01:58 . 2010-04-28 01:58 -------- d-----w- c:\program files\Bonjour
2010-04-24 07:40 . 2010-04-24 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-04-20 23:40 . 2010-04-20 23:40 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-18 17:54 . 2010-04-27 12:31 -------- d-----w- c:\documents and settings\Graham\Application Data\GHISLER
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\UC.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\RAR.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\LHA.PIF
2010-04-18 17:54 . 2009-09-24 12:50 545 ----a-w- c:\windows\ARJ.PIF
2010-04-18 17:46 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-18 17:46 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-18 17:46 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-18 17:46 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-16 01:02 . 2010-04-16 01:14 -------- d-----w- c:\program files\NirSoft
2010-04-13 22:52 . 2010-04-13 22:52 -------- d-----w- C:\Python31
2010-04-13 22:49 . 2010-04-13 22:49 -------- d-----w- C:\Python27
2010-04-12 20:33 . 2010-04-12 20:33 -------- d-----w- c:\program files\WhoCrashed
2010-04-12 18:26 . 2010-04-12 18:26 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-04-12 05:13 . 2010-03-29 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 05:13 . 2010-03-29 20:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 07:11 . 2010-04-12 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 03:44 . 2010-04-11 03:44 2291200 ----a-w- c:\windows\system32\python27.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 12:33 . 2010-03-29 01:09 -------- d-----w- c:\program files\PeerBlock
2010-05-04 00:31 . 2007-10-13 04:23 -------- d-----w- c:\program files\Live for Speed S2 Modified
2010-05-04 00:14 . 2010-03-06 20:19 -------- d-----w- c:\program files\CCleaner
2010-05-03 03:30 . 2007-05-15 04:13 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-02 17:18 . 2006-12-06 22:51 -------- d-----w- c:\documents and settings\Graham\Application Data\BitTorrent
2010-05-01 04:10 . 2005-10-26 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 04:08 . 2005-10-26 19:00 -------- d-----w- c:\program files\Creative
2010-05-01 04:07 . 2007-11-18 06:48 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-01 04:07 . 2005-10-26 19:01 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-29 12:34 . 2005-11-01 03:26 37274 ----a-w- c:\documents and settings\Graham\Application Data\wklnhst.dat
2010-04-28 21:03 . 2006-12-28 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-28 02:04 . 2006-11-17 23:04 -------- d-----w- c:\program files\iPod
2010-04-28 02:04 . 2007-06-30 20:12 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 01:56 . 2010-04-28 01:56 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-23 06:49 . 2005-10-26 19:00 -------- d-----w- c:\program files\ATI Technologies
2010-04-21 02:07 . 2007-01-02 03:15 -------- d-----w- c:\documents and settings\Graham\Application Data\DivX
2010-04-20 23:40 . 2010-04-20 23:40 3584 ----a-r- c:\documents and settings\Graham\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-20 23:40 . 2009-11-13 01:23 -------- d-----w- c:\program files\MSECACHE
2010-04-19 21:25 . 2009-10-15 22:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-19 21:24 . 2010-04-19 21:24 84480 ----a-w- c:\documents and settings\Graham\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-19 21:24 . 2009-10-15 22:22 -------- d-----w- c:\documents and settings\Graham\Application Data\SystemRequirementsLab
2010-04-18 14:55 . 2005-11-10 03:15 -------- d-----w- c:\program files\NovaLogic
2010-04-13 20:53 . 2007-03-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-07 20:28 . 2010-04-13 20:44 253952 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
2010-04-02 05:18 . 2010-04-02 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-02 05:18 . 2010-04-02 05:18 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-02 05:18 . 2007-01-02 02:54 -------- d-----w- c:\program files\DivX
2010-04-02 05:18 . 2010-04-02 05:18 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 57677 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 05:15 . 2009-09-01 11:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 05:12 . 2010-04-02 05:18 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-02 05:11 . 2010-04-02 05:18 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-31 03:00 . 2010-03-31 03:00 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 02:59 . 2008-11-22 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 23:30 . 2010-03-30 23:30 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-03-30 23:30 . 2007-01-15 01:33 3494576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-30 23:29 . 2010-03-30 23:29 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-30 22:37 . 2010-03-30 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-30 22:33 . 2006-01-27 03:53 -------- d-----w- c:\program files\QuickTime
2010-03-29 01:33 . 2010-03-29 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-29 01:32 . 2006-03-03 02:43 -------- d-----w- c:\program files\Google
2010-03-29 01:09 . 2008-10-25 22:44 -------- d-----w- c:\program files\PeerGuardian2
2010-03-27 17:57 . 2007-10-08 23:36 -------- d-----w- c:\program files\Live for Speed S2
2010-03-26 15:33 . 2010-04-28 05:33 1496064 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-04-28 05:33 43008 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-04-28 05:33 339456 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-04-28 05:33 346112 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-21 05:43 . 2010-03-21 05:43 2137600 ----a-w- c:\windows\system32\python31.dll
2010-03-10 05:07 . 2009-10-22 23:57 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 00:27 . 2010-03-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-03-10 00:27 . 2010-01-27 02:58 -------- d-----w- c:\program files\Raxco
2010-03-09 11:09 . 2004-08-19 20:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43 . 2004-08-19 20:49 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 15:16 . 2009-10-03 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2005-10-26 18:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2004-08-19 20:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-19 20:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 20:49 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 07:38 . 2010-04-30 23:37 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-04-30 23:37 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-04-30 23:37 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2007-03-15 01:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-04-30 23:37 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:45 . 2007-07-28 03:30 325120 ----a-w- c:\windows\system32\ati2dvag.dll.tmp
2010-02-11 04:37 . 2007-09-29 02:47 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-04-30 23:37 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-04-30 23:37 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-04-30 23:37 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-04-30 23:37 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-04-30 23:37 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-04-30 23:37 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-04-30 23:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-04-30 23:37 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:25 . 2005-10-26 18:35 3818144 ----a-w- c:\windows\system32\ati3duag.dll.tmp
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2008-03-29 20:18 . 2005-10-28 04:27 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"P17Helper"="P17.dll" [2005-05-04 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-9-22 270336]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-26 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 08:57 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 09:02 904840 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1130467576\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 04:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 08:55 1326080 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"WUSB54GCSVC"=3 (0x3)
"wlidsvc"=2 (0x2)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"BcmSqlStartupSvc"=2 (0x2)
"AOL ACS"=3 (0x3)
"AcrSch2Svc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aim6.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Terminal Reality\\4x4 Evo2\\4x42.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Live for Speed S2\\LFS.exe"=
"c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"= c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"f:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\AOL 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3689:TCP"= 3689:TCP:iPhone 3G Remote
"5353:TCP"= 5353:TCP:iPhone 3G Remote
"8889:TCP"= 8889:TCP:iPhone

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 10:11 AM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/21/2007 8:45 PM 682232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [4/9/2010 6:53 PM 18544]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:45 AM 10664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/12/2010 12:13 AM 38224]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys [4/10/2010 6:27 PM 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2007-04-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2010-05-03 c:\windows\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 64.34.161.90:80
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\J River\Media Jukebox\DMDownload.htm
Trusted Zone: musicmatch.com\online
TCP: {2F69DF63-90DE-4818-A569-A6BCFA5464FD} = 24.177.176.38,24.197.160.18
FF - ProfilePath - c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.ftp - 64.90.179.108
FF - prefs.js: network.proxy.gopher - 64.90.179.108
FF - prefs.js: network.proxy.socks - 64.90.179.108
FF - prefs.js: network.proxy.ssl - 64.90.179.108
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 07:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\MPInstrumentation\client_manifest.txt 60 bytes
c:\windows\TEMP\MPInstrumentation\watson_manifest.txt 816 bytes

scan completed successfully
hidden files: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync03.sys hal.dll sfsync02.sys >>UNKNOWN [0x8B8DD1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e7fcb8
\Driver\atapi -> sfsync03.sys @ 0xba0d995c
\Driver\iaStor -> sfsync03.sys @ 0xba0d995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-855771979-2752217130-3050068086-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1476)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-05-04 07:38:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 12:38
ComboFix2.txt 2010-05-01 18:14
ComboFix3.txt 2010-04-02 11:36
ComboFix4.txt 2010-04-01 22:07

Pre-Run: 10,301,194,240 bytes free
Post-Run: 10,265,489,408 bytes free

- - End Of File - - 9EF377F655797E71BC3F415A8E81A09F

#73
hammerman

Hi,

Let's remove the tools we've been using. Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 3 --

Please delete SystemLook, GMER, FileLister, maxlook and any logs created.

I recommend you update to Internet Explorer 8.


Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#74
K1500

Alright, thanks once again for all of your assistance! I greatly appreciate it, hammerman! :)

BTW, is it that necessary to install IE8? I'm a devout Firefox user and have IE uninstalled all the way down to the core IE6 files required by XP, and it never gets used unless a program happens to open it for updates or such.

Edited by K1500, 05 May 2010 - 07:01 PM.


#75
hammerman

You should be OK if you use Firefox instead of IE.