TechSpot

Win32/zbot.g virus on computer - can't update Windows

By rockyrob
Aug 4, 2011
  1. Hi.

    I've been working my computer scanning software for the past 2 days to try and remove the zbot.g virus from my computer.

    It started after having Google re-direct my clicked web pages, then within minutes I could not access any spyware/AV software apart from Malwarebytes Anti-Malware, which found some issues and that gave me access to run the other spyware/AV programmes.

    AVG picked up some 2000+ infections all around my computer.
    I cleaned it out using CCleaner and I lost a lot of software in the process (all re-loaded again though).
    I have run the ESET scanner which picked up just a handful of issues, but that was all cleared.
    I downloaded the Windows Safety Scanner and let it run this morning and it picked up some 4400+ infections, but the majority were within the c:\System Volume Information\_restore folder.

    I've re-run it again and it seems to be clear (for now).

    Now the Windows icon pops up on the task bar saying that Automatic Updates is turned off. Going into the Control Panel, it's saying that Automatic Updates is actually switched on.
    I've tried running Windows Update manually (finding it on the Microsoft website) but it comes up with the error number: 0x80070424.

    I am also getting a pop-up saying it can't find '?square icon' in the registry when I start up the computer.



    Here are my logs as requested.


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7377

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    04/08/2011 18:37:38
    mbam-log-2011-08-04 (18-37-38).txt

    Scan type: Quick scan
    Objects scanned: 196090
    Time elapsed: 9 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-04 19:33:34
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332063 rev.3.AD
    Running: y0ud715w.exe; Driver: C:\DOCUME~1\Robin\LOCALS~1\Temp\pxtdypod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  3. rockyrob


    My computer shut itself down on the first attempt of this programme

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
    Run by Robin at 19:55:44 on 2011-08-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.co.uk/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:43902
    uSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\robin\local settings\application data\ygpafppq\hmempsyh.exe,
    uWindows: load=?
    uWindows: Run=?
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\documents and settings\robin\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\robin\startm~1\programs\access~1\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193693666062
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193693595625
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-8-5 8576]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-8 54752]
    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
    R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [2006-10-25 41600]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 1025352]
    S3 DellBIOS;DellBIOS;\??\c:\docume~1\robin\locals~1\temp\dellbios.sys --> c:\docume~1\robin\locals~1\temp\DellBIOS.Sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2005-3-4 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2005-3-4 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2005-3-4 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2005-3-4 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2005-3-4 77072]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-9 41272]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2010-12-7 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2010-12-7 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2010-12-7 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2010-12-7 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2010-12-7 98568]
    S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-08-04 16:00:54 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-08-03 17:16:16 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
    2011-08-03 16:15:42 -------- d-----w- c:\documents and settings\robin\local settings\application data\WinZip
    2011-08-03 11:05:14 -------- d-----w- c:\program files\ESET
    2011-08-03 10:06:23 -------- dc-h--w- c:\windows\ie8
    2011-08-02 21:05:50 -------- d-----w- c:\program files\ATI
    2011-08-02 21:04:18 -------- d-----w- C:\ATI
    2011-08-02 19:56:14 -------- d-----w- c:\documents and settings\robin\local settings\application data\Sun
    2011-08-02 16:42:46 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
    2011-08-02 16:42:45 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-08-02 16:42:45 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-08-02 16:42:45 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-08-02 16:14:56 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-08-02 16:14:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-08-02 16:14:56 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-08-02 16:14:56 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-08-02 15:56:09 -------- d-----w- c:\documents and settings\all users\Uniblue
    2011-08-02 15:53:03 -------- d-----w- c:\documents and settings\robin\local settings\application data\OpenCandy
    2011-08-02 15:52:04 -------- d-----w- c:\documents and settings\robin\application data\OpenCandy
    2011-08-02 14:17:00 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-08-02 14:05:17 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-08-02 14:05:14 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-02 13:36:52 -------- d-----w- c:\documents and settings\robin\local settings\application data\uTorrent
    2011-08-02 13:16:50 -------- d-----w- c:\program files\FileHippo.com
    2011-08-01 14:21:11 -------- d-----w- c:\documents and settings\robin\local settings\application data\ygpafppq
    2011-07-25 08:56:52 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2011-07-22 20:56:26 -------- d-----w- c:\documents and settings\robin\application data\uTorrent
    2011-07-11 10:13:20 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2011-07-08 15:34:00 -------- d-----w- c:\documents and settings\robin\application data\Wiva
    2011-07-08 15:34:00 -------- d-----w- c:\documents and settings\robin\application data\Alnyox
    .
    ==================== Find3M ====================
    .
    2011-08-02 14:16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-08-02 14:16:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-08-02 14:04:36 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 18:50:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2006-11-06 10:55:58 748344 ----a-w- c:\program files\Filemon.exe
    .
    ============= FINISH: 19:56:49.70 ===============
     
  4. rockyrob


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/10/2006 19:54:07
    System Uptime: 04/08/2011 19:51:48 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0WG855
    Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2127/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 219 GiB total, 105.012 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 11.849 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6500c
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6500c
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP899: 06/05/2011 16:26:01 - System Checkpoint
    RP900: 07/05/2011 16:27:28 - System Checkpoint
    RP901: 08/05/2011 16:52:40 - System Checkpoint
    RP902: 08/05/2011 20:19:39 - Software Distribution Service 3.0
    RP903: 09/05/2011 20:21:54 - Installed Lyrics Plugin for Windows Media Player
    RP904: 10/05/2011 20:38:32 - System Checkpoint
    RP905: 11/05/2011 21:00:24 - Software Distribution Service 3.0
    RP906: 13/05/2011 20:07:47 - System Checkpoint
    RP907: 15/05/2011 11:48:06 - System Checkpoint
    RP908: 16/05/2011 17:07:13 - System Checkpoint
    RP909: 17/05/2011 17:37:04 - System Checkpoint
    RP910: 19/05/2011 12:26:17 - System Checkpoint
    RP911: 20/05/2011 20:16:28 - Installed Google SketchUp 8
    RP912: 20/05/2011 20:24:36 - Installed AVG 2011
    RP913: 20/05/2011 20:32:34 - Removed AVG 2011
    RP914: 21/05/2011 20:57:23 - System Checkpoint
    RP915: 25/05/2011 19:28:17 - System Checkpoint
    RP916: 26/05/2011 19:49:46 - System Checkpoint
    RP917: 28/05/2011 18:07:15 - System Checkpoint
    RP918: 29/05/2011 18:16:44 - System Checkpoint
    RP919: 06/06/2011 11:35:27 - System Checkpoint
    RP920: 07/06/2011 12:54:52 - System Checkpoint
    RP921: 08/06/2011 16:37:14 - System Checkpoint
    RP922: 09/06/2011 17:02:27 - System Checkpoint
    RP923: 10/06/2011 20:34:10 - System Checkpoint
    RP924: 12/06/2011 18:56:11 - System Checkpoint
    RP925: 13/06/2011 19:32:03 - System Checkpoint
    RP926: 14/06/2011 20:44:54 - Software Distribution Service 3.0
    RP927: 14/06/2011 21:01:45 - Software Distribution Service 3.0
    RP928: 15/06/2011 00:23:39 - Software Distribution Service 3.0
    RP929: 21/06/2011 21:12:59 - Logitech Webcam Software v12.10.1110
    RP930: 23/06/2011 12:27:43 - System Checkpoint
    RP931: 24/06/2011 12:48:44 - System Checkpoint
    RP932: 25/06/2011 19:36:35 - System Checkpoint
    RP933: 26/06/2011 19:47:35 - System Checkpoint
    RP934: 27/06/2011 20:08:51 - System Checkpoint
    RP935: 02/07/2011 12:39:24 - System Checkpoint
    RP936: 04/07/2011 12:27:09 - System Checkpoint
    RP937: 06/07/2011 16:45:33 - System Checkpoint
    RP938: 07/07/2011 17:23:55 - System Checkpoint
    RP939: 08/07/2011 17:38:04 - System Checkpoint
    RP940: 11/07/2011 09:41:37 - System Checkpoint
    RP941: 12/07/2011 19:24:15 - System Checkpoint
    RP942: 13/07/2011 20:14:10 - System Checkpoint
    RP943: 15/07/2011 13:17:00 - System Checkpoint
    RP944: 18/07/2011 18:26:45 - System Checkpoint
    RP945: 21/07/2011 10:01:36 - System Checkpoint
    RP946: 22/07/2011 19:08:16 - System Checkpoint
    RP947: 23/07/2011 19:29:25 - System Checkpoint
    RP948: 24/07/2011 20:22:34 - System Checkpoint
    RP949: 26/07/2011 12:23:30 - System Checkpoint
    RP950: 27/07/2011 17:55:58 - System Checkpoint
    RP951: 29/07/2011 12:32:45 - System Checkpoint
    RP952: 30/07/2011 21:16:22 - System Checkpoint
    RP953: 31/07/2011 21:56:56 - System Checkpoint
    RP954: 02/08/2011 11:38:07 - System Checkpoint
    RP955: 02/08/2011 15:04:31 - Installed Java(TM) 7
    RP956: 02/08/2011 16:49:55 - Installed WinZip 15.5
    RP957: 02/08/2011 17:18:28 - Removed Creative Audio Creation Mode console
    RP958: 02/08/2011 17:18:39 - Configured Engine Installer
    RP959: 02/08/2011 17:18:53 - Installed Creative Audio Creation Mode console
    RP960: 02/08/2011 17:19:27 - Removed Creative Console Launcher Component
    RP961: 02/08/2011 17:19:39 - Configured Engine Installer
    RP962: 02/08/2011 17:19:53 - Installed Creative Console Launcher Component
    RP963: 02/08/2011 17:20:32 - Removed Creative Audio Device Selection
    RP964: 02/08/2011 17:20:42 - Installed Creative Audio Device Selection
    RP965: 02/08/2011 17:20:59 - Installed Engine Installer
    RP966: 02/08/2011 17:21:18 - Installed Engine Installer
    RP967: 02/08/2011 17:21:52 - Removed Creative Entertainment Mode console
    RP968: 02/08/2011 17:22:10 - Installed Creative Entertainment Mode console
    RP969: 02/08/2011 17:22:29 - Removed Creative Console Launcher Component
    RP970: 02/08/2011 17:22:36 - Configured Engine Installer
    RP971: 02/08/2011 17:22:45 - Installed Creative Console Launcher Component
    RP972: 02/08/2011 17:23:20 - Removed Creative Audio Device Selection
    RP973: 02/08/2011 17:23:32 - Installed Creative Audio Device Selection
    RP974: 02/08/2011 17:23:43 - Installed Engine Installer
    RP975: 02/08/2011 17:24:03 - Removed Creative Game Mode console
    RP976: 02/08/2011 17:24:11 - Installed Creative Game Mode console
    RP977: 02/08/2011 17:24:27 - Removed Creative Console Launcher Component
    RP978: 02/08/2011 17:24:34 - Configured Engine Installer
    RP979: 02/08/2011 17:24:44 - Installed Creative Console Launcher Component
    RP980: 02/08/2011 17:25:18 - Removed Creative Audio Device Selection
    RP981: 02/08/2011 17:25:28 - Installed Creative Audio Device Selection
    RP982: 02/08/2011 17:25:38 - Installed Engine Installer
    RP983: 02/08/2011 17:25:58 - Removed Mode Switcher
    RP984: 02/08/2011 17:26:06 - Configured Engine Installer
    RP985: 02/08/2011 17:26:19 - Installed Mode Switcher
    RP986: 02/08/2011 17:26:29 - Removed Creative Audio Device Selection
    RP987: 02/08/2011 17:26:36 - Installed Creative Audio Device Selection
    RP988: 02/08/2011 17:26:46 - Installed Engine Installer
    RP989: 02/08/2011 17:26:59 - Removed Creative Audio Console
    RP990: 02/08/2011 17:27:08 - Installed Creative Audio Console
    RP991: 02/08/2011 17:27:21 - Removed Creative 3DMIDI Player
    RP992: 02/08/2011 17:27:33 - Installed Creative 3DMIDI Player
    RP993: 02/08/2011 17:28:15 - Removed Creative Diagnostics 4
    RP994: 02/08/2011 17:28:22 - Installed Creative Diagnostics 4
    RP995: 02/08/2011 17:28:39 - Removed Creative MediaSource DVD-Audio Player
    RP996: 02/08/2011 17:28:50 - Configured Engine Installer
    RP997: 02/08/2011 17:28:59 - Installed Creative MediaSource DVD-Audio Player
    RP998: 02/08/2011 17:29:18 - Installed Engine Installer
    RP999: 02/08/2011 17:29:38 - Removed Creative Speaker Connection Wizard
    RP1000: 02/08/2011 17:29:46 - Installed Creative Speaker Connection Wizard
    RP1001: 02/08/2011 17:29:58 - Removed THX Setup Console
    RP1002: 02/08/2011 17:30:15 - Installed THX Setup Console
    RP1003: 02/08/2011 17:30:27 - Removed SoundFont Bank Manager
    RP1004: 02/08/2011 17:30:35 - Installed SoundFont Bank Manager
    RP1005: 02/08/2011 17:30:46 - Removed Creative Karaoke Player
    RP1006: 02/08/2011 17:30:52 - Configured Engine Installer
    RP1007: 02/08/2011 17:31:00 - Installed Creative Karaoke Player
    RP1008: 02/08/2011 17:32:10 - Removed Creative Audio Device Selection
    RP1009: 02/08/2011 17:32:37 - Installed Creative Audio Device Selection
    RP1010: 02/08/2011 17:33:01 - Installed Engine Installer
    RP1011: 02/08/2011 17:33:55 - Removed Creative Smart Recorder
    RP1012: 02/08/2011 17:34:02 - Configured Engine Installer
    RP1013: 02/08/2011 17:34:14 - Installed Creative Smart Recorder
    RP1014: 02/08/2011 17:34:43 - Installed Engine Installer
    RP1015: 02/08/2011 17:35:09 - Removed Creative Vienna SoundFont Studio
    RP1016: 02/08/2011 17:35:17 - Installed Creative Vienna SoundFont Studio
    RP1017: 02/08/2011 17:35:33 - Removed Creative Volume Panel
    RP1018: 02/08/2011 17:35:40 - Configured Engine Installer
    RP1019: 02/08/2011 17:35:48 - Installed Creative Volume Panel
    RP1020: 02/08/2011 17:35:58 - Removed Creative Audio Device Selection
    RP1021: 02/08/2011 17:36:05 - Installed Creative Audio Device Selection
    RP1022: 02/08/2011 17:36:14 - Installed Engine Installer
    RP1023: 02/08/2011 17:36:27 - Removed Creative WaveStudio
    RP1024: 02/08/2011 17:36:45 - Installed Creative WaveStudio
    RP1025: 02/08/2011 17:36:58 - Removed X-Fi Splash
    RP1026: 02/08/2011 17:37:04 - Configured Engine Installer
    RP1027: 02/08/2011 17:37:14 - Installed X-Fi Splash
    RP1028: 02/08/2011 17:37:52 - Installed Engine Installer
    RP1029: 02/08/2011 17:38:12 - Removed On Screen Display
    RP1030: 02/08/2011 17:38:20 - Installed On Screen Display
    RP1031: 02/08/2011 17:43:05 - Configured Sound Blaster X-Fi
    RP1032: 02/08/2011 22:03:06 - Installed Engine Installer
    RP1033: 02/08/2011 22:04:18 - Installed Creative MediaSource
    RP1034: 02/08/2011 22:05:59 - Installed Creative MediaSource Detector
    RP1035: 02/08/2011 22:06:16 - Installed Creative MediaSource Player Skin Pack
    RP1036: 02/08/2011 22:06:58 - Installed Creative Music Store Plugin
    RP1037: 02/08/2011 22:07:32 - Installed Creative MediaSource
    RP1038: 02/08/2011 22:08:01 - Configured Engine Installer
    RP1039: 02/08/2011 22:08:08 - Installed Creative Music Store Plugin
    RP1040: 03/08/2011 10:27:20 - Installed Windows Media Player 11
    RP1041: 03/08/2011 10:32:25 - Installed Windows XP MSCompPackV1.
    RP1042: 03/08/2011 11:07:03 - Installed Windows Internet Explorer 8.
    RP1043: 03/08/2011 11:46:48 - Installed Microsoft Fix it 50686
    RP1044: 03/08/2011 12:00:53 - Installed Microsoft Fix it 50362
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advertising Center
    Apple Application Support
    Apple Software Update
    ARTEuro
    ATI Catalyst Control Center
    ATI Catalyst Install Manager
    ATI Display Driver
    ATI Parental Control & Encoder
    AVerMedia DVB-T BDA Video Capture(A800)
    AVerTV 6.0
    AVG 2011
    AVG PC Tuneup 2011
    BBC iPlayer Desktop
    CapMan
    CCleaner
    Citrix XenApp Web Plugin
    Click to Call with Skype
    Creative MediaSource
    Creative MediaSource 5
    Date Cracker 2000
    Dell CinePlayer
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell Network Assistant
    Dell Support Center
    Dell System Restore
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DolbyFiles
    DVD Flick
    ESET Online Scanner v3
    FileHippo.com Update Checker
    Foxit Reader 5.0
    GemMaster Mystic
    Google Chrome
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2443685)
    ieSpell
    Image Resizer Powertoy for Windows XP
    ImgBurn
    Intel(R) PRO Network Connections
    Intel® Matrix Storage Manager
    InterVideo DeviceService
    Java Auto Updater
    Java(TM) 6 Update 15
    Java(TM) 7
    Junk Mail filter update
    K-Lite Codec Pack 5.3.0 (Standard)
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Lyrics Plugin for Windows Media Player
    Macromedia Flash Player
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Nero ControlCenter
    Nero Installer
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    OBD-DIAG V1.01.02
    PC Connectivity Solution
    Photo DVD Maker Professional 7.78
    Photo Story 3 for Windows
    Power MP3 Recorder Cutter, (ver 5.0)
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Rhapsody Player Engine
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Roxio Update Manager
    Seagate Dashboard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Segoe UI
    Skype™ 5.5
    Sonic Activation Module
    Sonic Advanced Decoder
    Sonic Encoders
    Sound Blaster X-Fi
    Spybot - Search & Destroy
    SpywareGuard v2.2
    Sweet Home 3D
    Tweak UI
    Ulead VideoStudio 11
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB971029)
    VC80CRTRedist - 8.0.50727.4053
    VideoEgg Publisher
    VideoStudio
    VLC media player 1.1.5
    WavePad Sound Editor
    WebFldrs XP
    Winamp
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Service Pack 3
    WinZip 15.5
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    Hi. Thanks for your assistance.

    Logs:


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-05 09:16:53
    -----------------------------
    09:16:53.250 OS Version: Windows 5.1.2600 Service Pack 3
    09:16:53.250 Number of processors: 2 586 0xF06
    09:16:53.250 ComputerName: FAMILY UserName: Robin
    09:16:54.593 Initialize success
    09:17:17.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:17:17.484 Disk 0 Vendor: ST332063 3.AD Size: 305245MB BusType: 8
    09:17:17.500 Disk 0 MBR read successfully
    09:17:17.500 Disk 0 MBR scan
    09:17:17.500 Disk 0 unknown MBR code
    09:17:17.500 Disk 0 scanning sectors +625137345
    09:17:17.562 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:17:32.171 Service scanning
    09:17:33.406 Modules scanning
    09:17:38.000 Disk 0 trace - called modules:
    09:17:38.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    09:17:38.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84030]
    09:17:38.031 3 CLASSPNP.SYS[f7544fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86f54028]
    09:17:38.031 Scan finished successfully
    09:22:03.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robin\Desktop\MBR.dat"
    09:22:03.437 The log file has been saved successfully to "C:\Documents and Settings\Robin\Desktop\aswMBR.txt"
     
  7. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    ComboFix 11-08-05.01 - Robin 05/08/2011 9:58.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.475 [GMT 1:00]
    Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Robin\Application Data\alot
    c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}
    c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome.manifest
    c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome\content\_cfg.js
    c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome\content\overlay.xul
    c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\install.rdf
    c:\documents and settings\Robin\Start Menu\Internet Explorer.lnk
    c:\documents and settings\Robin\WINDOWS
    c:\windows\PCGWIN32.LI5
    c:\windows\setup.exe
    c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
    c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-04 16:00 . 2011-08-04 16:32 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-08-03 16:15 . 2011-08-03 16:15 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WinZip
    2011-08-03 11:05 . 2011-08-03 11:05 -------- d-----w- c:\program files\ESET
    2011-08-03 10:06 . 2011-08-03 10:07 -------- dc-h--w- c:\windows\ie8
    2011-08-02 21:05 . 2011-08-02 21:05 -------- d-----w- c:\program files\ATI
    2011-08-02 21:04 . 2011-08-02 21:04 -------- d-----w- C:\ATI
    2011-08-02 19:56 . 2011-08-02 19:56 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Sun
    2011-08-02 16:42 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
    2011-08-02 16:42 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-08-02 16:42 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-08-02 16:42 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-08-02 16:14 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2011-08-02 16:14 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2011-08-02 16:14 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2011-08-02 16:14 . 2003-11-10 17:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2011-08-02 15:56 . 2011-08-02 15:56 -------- d-----w- c:\documents and settings\All Users\Uniblue
    2011-08-02 15:53 . 2011-08-03 08:44 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\OpenCandy
    2011-08-02 15:52 . 2011-08-02 15:52 -------- d-----w- c:\documents and settings\Robin\Application Data\OpenCandy
    2011-08-02 15:50 . 2011-08-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2011-08-02 14:17 . 2011-08-02 14:17 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-08-02 14:06 . 2011-08-02 14:06 -------- d-----w- c:\program files\Common Files\Java
    2011-08-02 14:05 . 2011-08-02 14:04 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-02 14:05 . 2011-08-02 14:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-02 13:36 . 2011-08-02 13:36 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\uTorrent
    2011-08-02 13:16 . 2011-08-02 13:16 -------- d-----w- c:\program files\FileHippo.com
    2011-08-01 14:21 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
    2011-07-28 21:48 . 2011-07-28 21:48 -------- d-----w- c:\program files\Apple Software Update
    2011-07-25 08:56 . 2011-08-02 11:16 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2011-07-22 20:56 . 2011-08-02 15:31 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent
    2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2011-07-08 15:34 . 2011-07-08 20:45 -------- d-----w- c:\documents and settings\Robin\Application Data\Wiva
    2011-07-08 15:34 . 2011-07-08 15:34 -------- d-----w- c:\documents and settings\Robin\Application Data\Alnyox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-02 14:16 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-08-02 14:16 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-08-02 14:04 . 2007-11-12 17:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-06 18:52 . 2010-12-09 20:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52 . 2010-12-09 20:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 18:50 . 2011-06-22 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2006-11-06 10:55 . 2008-10-15 19:08 748344 ----a-w- c:\program files\Filemon.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-08-02 273544]
    "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robin^Start Menu^Programs^Accessories^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 16:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-12-12 10:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-12-12 09:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
    2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-07-21 18:22 17357448 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "Norton Ghost"=2 (0x2)
    "MyWebSearchService"=2 (0x2)
    "ioloSystemService"=2 (0x2)
    "ioloFileInfoList"=2 (0x2)
    "ImapiService"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "CCALib8"=2 (0x2)
    "Autodata Limited License Service"=2 (0x2)
    "SeagateDashboardService"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "fsssvc"=3 (0x3)
    "AOL ACS"=2 (0x2)
    "Capture Device Service"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168812342\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:*Disabled:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:*Disabled:SingleClick ICC
    "3389:TCP"= 3389:TCP:*Disabled:@xpsp2res.dll,-22009
    .
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [05/08/2009 09:38 8576]
    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 22:27 13696]
    R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 22:29 13568]
    R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [25/10/2006 20:21 41600]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
    S3 DellBIOS;DellBIOS;\??\c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys --> c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [04/03/2005 20:08 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [04/03/2005 20:11 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [04/03/2005 20:11 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [04/03/2005 20:13 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [04/03/2005 20:15 77072]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/12/2010 21:06 41272]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [07/12/2010 22:58 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [07/12/2010 22:58 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [07/12/2010 22:58 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [07/12/2010 22:58 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [07/12/2010 22:58 98568]
    S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30/04/2010 15:47 14088]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
    - c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
    - c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
    .
    2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-08-27 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-08-05 c:\windows\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:43902
    uSearchAssistant = hxxp://www.google.com/ie
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-HmeMpsyh - c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq\hmempsyh.exe
    MSConfigStartUp-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
    MSConfigStartUp-Izelobesi - c:\windows\linwlus.dll
    MSConfigStartUp-jnlxejji - c:\docume~1\Robin\LOCALS~1\Temp\wrfaaprdt\wtxhvcmaffm.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    AddRemove-InstallShield_{AC97FBCD-448B-416C-A720-EBDEC9EF6340} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
    AddRemove-InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9} - c:\program files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe
    AddRemove-InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-05 10:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(6764)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ctagent.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\windows\system32\msiexec.exe
    c:\program files\SpywareGuard\sgbhp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-05 10:14:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-05 09:14
    .
    Pre-Run: 114,477,756,416 bytes free
    Post-Run: 114,819,366,912 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - A49136B986447EBE654495A775AA3607
     
  8. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    How is the computer doing?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Uniblue
    c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
    
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:43902
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MyWebSearchService"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
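
The proxy value and the ygpafppq folder in the CFScript above both appear in the ComboFix log posted earlier in the thread. As an added example (not part of the original thread and not ComboFix's own logic), this Python triage pass flags those two kinds of entry in such a log: a browser proxy pointing at a loopback address, and MSConfig startup items that run from per-user data or Temp folders. The rule names, the folder list and the function names are assumptions of this example, and a hit is a lead for review rather than a verdict.

```python
import ipaddress
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902
TCP: DhcpNameServer = 192.168.0.1
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-HmeMpsyh - c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq\hmempsyh.exe
MSConfigStartUp-Izelobesi - c:\windows\linwlus.dll
MSConfigStartUp-jnlxejji - c:\docume~1\Robin\LOCALS~1\Temp\wrfaaprdt\wtxhvcmaffm.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
"""

PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.I)
AUTOSTART_RE = re.compile(
    r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>[a-z]:\\.+)$", re.I
)

# Assumption of this example: XP-era per-user folders that any unprivileged
# process can write to, in both long and 8.3 short-name form.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\locals~1\\applic~1\\",
)


def is_loopback(host):
    """True for 'localhost' or any literal loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def loopback_proxies(value):
    """Parse a WinINET ProxyServer value and return the loopback entries.

    Handles 'host:port' and 'http=host:port;https=host:port'.
    IPv6 literals are not handled.
    """
    hits = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, endpoint = entry.partition("=")
        if not sep:  # no 'scheme=' prefix: one proxy for all protocols
            scheme, endpoint = "all", entry
        endpoint = endpoint.split("://", 1)[-1]
        host, _, port = endpoint.rpartition(":")
        if not host:  # no ':port' part
            host, port = endpoint, ""
        if is_loopback(host):
            hits.append((scheme, host, port))
    return hits


def triage(log_text):
    """Return (rule, detail) tuples for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            # A loopback proxy means a local process sits in the browser's
            # traffic path. Some legitimate filters do this too, so review it.
            for scheme, host, port in loopback_proxies(m.group("value")):
                findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
            continue
        m = AUTOSTART_RE.match(line)
        if m and any(d in m.group("path").lower() for d in USER_WRITABLE):
            findings.append(("autostart-user-writable", m.group("name")))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```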
     
  9. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    My computer looks as though everything is back working again.

    Now the problem: I ran ComboFix as requested but I closed the LOG file by accident before I managed to save it.
    The computer has been re-booted since as I had to re-load AVG back on the system.
    I've done a system search but can't find the log file anywhere.

    Can I run ComboFix again? I didn't want to after all the warnings against the programme.

    Again, much appreciated for your service. :)
     
  10. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    I've just had AVG Resident Shield pop up with the Zbot.G virus again in the c:\System Volume Information\_restore directory.

    I guess it's not left my computer just yet!
     
  11. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Good news :)

    That's not a problem. It's in one of your restore points. We'll reset them a little bit later.
    As long as you don't use system restore until we're done, that entry is not active.

    Now, as for the Combofix log, look here: C:\combofix.txt
     
  12. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    ComboFix 11-08-05.01 - Robin 06/08/2011 11:25:54.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.487 [GMT 1:00]
    Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Robin\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Uniblue
    c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-04 16:00 . 2011-08-04 16:32 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-08-03 16:15 . 2011-08-03 16:15 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WinZip
    2011-08-03 11:05 . 2011-08-03 11:05 -------- d-----w- c:\program files\ESET
    2011-08-03 10:06 . 2011-08-03 10:07 -------- dc-h--w- c:\windows\ie8
    2011-08-02 21:05 . 2011-08-02 21:05 -------- d-----w- c:\program files\ATI
    2011-08-02 21:04 . 2011-08-02 21:04 -------- d-----w- C:\ATI
    2011-08-02 19:56 . 2011-08-02 19:56 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Sun
    2011-08-02 16:42 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
    2011-08-02 16:42 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-08-02 16:42 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-08-02 16:42 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-08-02 16:14 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2011-08-02 16:14 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2011-08-02 16:14 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2011-08-02 16:14 . 2003-11-10 17:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2011-08-02 15:53 . 2011-08-03 08:44 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\OpenCandy
    2011-08-02 15:52 . 2011-08-02 15:52 -------- d-----w- c:\documents and settings\Robin\Application Data\OpenCandy
    2011-08-02 15:50 . 2011-08-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2011-08-02 14:17 . 2011-08-02 14:17 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-08-02 14:06 . 2011-08-02 14:06 -------- d-----w- c:\program files\Common Files\Java
    2011-08-02 14:05 . 2011-08-02 14:04 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-02 14:05 . 2011-08-02 14:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-02 13:36 . 2011-08-02 13:36 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\uTorrent
    2011-08-02 13:16 . 2011-08-02 13:16 -------- d-----w- c:\program files\FileHippo.com
    2011-07-28 21:48 . 2011-07-28 21:48 -------- d-----w- c:\program files\Apple Software Update
    2011-07-25 08:56 . 2011-08-02 11:16 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2011-07-22 20:56 . 2011-08-02 15:31 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent
    2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2011-07-08 15:34 . 2011-07-08 20:45 -------- d-----w- c:\documents and settings\Robin\Application Data\Wiva
    2011-07-08 15:34 . 2011-07-08 15:34 -------- d-----w- c:\documents and settings\Robin\Application Data\Alnyox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-02 14:16 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-08-02 14:16 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-08-02 14:04 . 2007-11-12 17:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-06 18:52 . 2010-12-09 20:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52 . 2010-12-09 20:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 18:50 . 2011-06-22 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2005-08-16 03:18 1858944 ----a-w- c:\windows\system32\win32k.sys
    2006-11-06 10:55 . 2008-10-15 19:08 748344 ----a-w- c:\program files\Filemon.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-05_09.06.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-08-16 03:18 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
    + 2007-08-13 18:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
    - 2007-08-13 18:54 . 2009-03-08 03:31 55296 c:\windows\system32\msfeedsbs.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 43520 c:\windows\system32\licmgr10.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
    - 2005-08-16 03:18 . 2009-03-08 03:33 25600 c:\windows\system32\jsproxy.dll
    - 2006-10-19 13:25 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2006-10-19 13:25 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2008-01-12 10:51 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-01-12 10:51 . 2009-03-08 03:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-08-13 18:44 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-10-19 13:25 . 2009-03-08 03:33 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2006-10-19 13:25 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2005-08-16 03:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
    + 2005-08-16 03:18 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
    - 2011-06-14 19:47 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\spcustom.dll
    - 2011-06-14 19:47 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\spmsg.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 12800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\xpshims.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 66560 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mshtmled.dll
    - 2011-06-14 19:48 . 2011-04-25 16:09 55296 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\msfeedsbs.dll
    - 2011-06-14 19:48 . 2011-04-25 16:09 43520 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\licmgr10.dll
    - 2011-06-14 19:48 . 2011-04-25 16:09 25600 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\jsproxy.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 12800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\xpshims.dll
    - 2011-06-14 19:48 . 2011-04-25 16:11 66560 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mshtmled.dll
    - 2011-06-14 19:48 . 2011-04-25 16:11 55296 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\msfeedsbs.dll
    - 2011-06-14 19:48 . 2011-04-25 16:11 43520 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\licmgr10.dll
    - 2011-06-14 19:48 . 2011-04-25 16:11 25600 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\jsproxy.dll
    - 2011-06-14 18:48 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\spcustom.dll
    - 2011-06-14 18:48 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\spmsg.dll
    + 2009-09-01 05:20 . 2011-08-05 11:04 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-08-05 11:02 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
    + 2011-08-05 11:03 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
    + 2011-08-05 11:03 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2530548-IE8\spmsg.dll
    + 2011-08-05 11:03 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2530548-IE8\spcustom.dll
    + 2011-08-05 11:02 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
    + 2011-08-05 11:02 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
    + 2011-08-05 11:02 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
    + 2011-08-05 11:02 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
    + 2005-08-16 03:18 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
    - 2005-08-16 03:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 916480 c:\windows\system32\wininet.dll
    + 2005-08-16 03:18 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
    + 2005-08-16 03:18 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
    - 2005-08-16 03:18 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
    + 2007-08-13 18:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
    - 2005-08-16 03:18 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
    + 2005-08-16 03:18 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
    + 2005-08-16 03:18 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
    - 2005-08-16 03:27 . 2011-04-20 07:54 328296 c:\windows\system32\FNTCACHE.DAT
    + 2005-08-16 03:27 . 2011-08-05 11:50 328296 c:\windows\system32\FNTCACHE.DAT
    - 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2006-10-19 13:25 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
    + 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
    + 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
    + 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
    + 2007-08-13 18:44 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-10-19 13:25 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
    - 2006-10-19 13:25 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
    + 2008-01-12 10:51 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
    - 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2006-10-19 13:25 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 18:39 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-13 18:39 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
    - 2011-06-14 19:47 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\updspapi.dll
    - 2011-06-14 19:47 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\update.exe
    - 2011-06-14 19:47 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\spuninst.exe
    - 2011-06-14 19:47 . 2011-04-25 16:09 919552 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\wininet.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 206848 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\occache.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 611840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mstime.dll
    - 2011-06-14 19:48 . 2011-04-25 16:09 602112 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\msfeeds.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 247808 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ieproxy.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 184320 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iepeers.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 743424 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iedvtool.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 387584 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iedkcs32.dll
    - 2011-06-14 19:47 . 2011-04-25 11:37 173568 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ie4uinit.exe
    - 2011-06-14 19:47 . 2011-04-25 16:11 916480 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\wininet.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 206848 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\occache.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 611840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mstime.dll
    - 2011-06-14 19:48 . 2011-04-25 16:11 602112 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\msfeeds.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 247808 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\ieproxy.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 184320 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iepeers.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 743424 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iedvtool.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 387584 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iedkcs32.dll
    - 2011-06-14 19:47 . 2011-04-25 12:01 173568 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\ie4uinit.exe
    - 2011-06-14 18:48 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\updspapi.dll
    - 2011-06-14 18:48 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\update.exe
    - 2011-06-14 18:48 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\spuninst.exe
    - 2011-06-14 18:48 . 2011-04-30 02:59 758784 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\SP3QFE\vgx.dll
    - 2011-06-14 18:48 . 2011-04-30 03:01 758784 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\SP3GDR\vgx.dll
    + 2009-09-01 05:20 . 2011-08-05 11:04 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-08-05 11:02 . 2009-03-08 03:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
    + 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
    + 2011-08-05 11:02 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
    + 2011-08-05 11:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\updspapi.dll
    + 2011-08-05 11:03 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2530548-IE8\update.exe
    + 2011-08-05 11:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
    + 2011-08-05 11:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
    + 2011-08-05 11:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst.exe
    + 2011-08-05 11:02 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB2530548-IE8\occache.dll
    + 2011-08-05 11:02 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
    + 2011-08-05 11:02 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
    + 2011-08-05 11:03 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
    + 2011-08-05 11:02 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
    + 2011-08-05 11:03 . 2009-03-08 03:35 742912 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
    + 2011-08-05 11:03 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
    + 2011-08-05 11:03 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
    + 2011-08-05 11:02 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
    + 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
    + 2011-08-05 11:02 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    + 2005-08-16 03:18 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
    + 2005-08-16 03:18 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
    + 2007-08-13 18:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
    + 2008-10-15 11:02 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
    + 2006-10-19 13:25 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
    + 2006-10-19 13:25 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
    + 2008-01-12 10:51 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 1213952 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\urlmon.dll
    - 2011-06-14 19:47 . 2011-05-30 22:17 5967360 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mshtml.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 1992192 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iertutil.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 1211904 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\urlmon.dll
    - 2011-06-14 19:47 . 2011-05-30 22:19 5964800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mshtml.dll
    - 2011-06-14 19:47 . 2011-04-25 16:11 1991680 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iertutil.dll
    + 2011-06-21 11:01 . 2011-06-21 11:01 4991488 c:\windows\Installer\6c3ffd.msp
    + 2011-08-05 10:07 . 2011-08-05 10:07 3489280 c:\windows\Installer\352cf3.msi
    + 2011-08-05 10:03 . 2011-08-05 10:03 1611776 c:\windows\Installer\352cee.msi
    + 2009-09-01 05:20 . 2011-08-05 11:04 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-09-01 05:20 . 2011-06-14 23:29 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-09-01 05:20 . 2011-08-05 11:04 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-08-05 11:02 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
    + 2011-08-05 11:02 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
    + 2011-08-05 11:02 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
    + 2006-12-27 11:53 . 2011-08-05 11:04 49089992 c:\windows\system32\MRT.exe
    + 2007-08-13 18:54 . 2011-04-26 09:11 11081728 c:\windows\system32\ieframe.dll
    + 2008-01-12 10:51 . 2011-04-26 09:11 11081728 c:\windows\system32\dllcache\ieframe.dll
    - 2011-06-14 19:47 . 2011-04-25 16:09 11083776 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ieframe.dll
    + 2011-08-05 11:02 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Robin^Start Menu^Programs^Accessories^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 16:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 00:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2006-12-12 10:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2006-12-12 09:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
    2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-07-21 18:22 17357448 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-08-02 14:16 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "Norton Ghost"=2 (0x2)
    "ioloSystemService"=2 (0x2)
    "ioloFileInfoList"=2 (0x2)
    "ImapiService"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "CCALib8"=2 (0x2)
    "Autodata Limited License Service"=2 (0x2)
    "SeagateDashboardService"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "fsssvc"=3 (0x3)
    "AOL ACS"=2 (0x2)
    "Capture Device Service"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168812342\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:*Disabled:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:*Disabled:SingleClick ICC
    "3389:TCP"= 3389:TCP:*Disabled:@xpsp2res.dll,-22009
    .
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [05/08/2009 09:38 8576]
    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 22:27 13696]
    R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 22:29 13568]
    R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [25/10/2006 20:21 41600]
    S3 DellBIOS;DellBIOS;\??\c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys --> c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys [?]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [04/03/2005 20:08 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [04/03/2005 20:11 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [04/03/2005 20:11 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [04/03/2005 20:13 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [04/03/2005 20:15 77072]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/12/2010 21:06 41272]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [07/12/2010 22:58 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [07/12/2010 22:58 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [07/12/2010 22:58 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [07/12/2010 22:58 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [07/12/2010 22:58 98568]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
    S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30/04/2010 15:47 14088]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
    .
    2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
    - c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
    - c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
    .
    2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-08-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-08-27 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-08-06 c:\windows\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.co.uk/
    uSearchAssistant = hxxp://www.google.com/ie
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-06 11:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3856)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\mslbui.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-08-06 11:36:55
    ComboFix-quarantined-files.txt 2011-08-06 10:36
    ComboFix2.txt 2011-08-05 09:14
    .
    Pre-Run: 114,780,409,856 bytes free
    Post-Run: 114,762,522,624 bytes free
    .
    - - End Of File - - 6A4618CC70963E9081EF0E4F6EDBBFB9
     
  13. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 07/08/2011 18:52:30 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Robin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1021.85 Mb Total Physical Memory | 325.42 Mb Available Physical Memory | 31.85% Memory free
    2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.52% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 218.89 Gb Total Space | 107.41 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive D: | 74.50 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    PRC - [2011/07/27 09:03:22 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2005/11/08 21:30:00 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- -- (Belkin Wireless USB Network Adapter Service)
    SRV - [2011/08/02 15:04:36 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/04/30 15:47:00 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
    SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/05/01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 23:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2009/04/30 23:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2007/04/23 16:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/23 16:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 16:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 16:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 16:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
    DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/01/12 22:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
    DRV - [2006/01/12 22:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
    DRV - [2006/01/12 22:26:10 | 000,013,312 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
    DRV - [2005/11/08 13:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 13:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 13:15:22 | 001,095,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 13:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 13:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 13:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/11/08 13:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/09/20 12:47:00 | 000,041,600 | ---- | M] (AVerMedia Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avera800.sys -- (avera800) AVerMedia DVB-T BDA Video Capture(A800)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/02 16:00:36 | 000,232,192 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/07/13 10:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/03/04 20:15:54 | 000,077,072 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600obex.sys -- (k600obex)
    DRV - [2005/03/04 20:13:46 | 000,079,248 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mgmt.sys -- (k600mgmt)
    DRV - [2005/03/04 20:11:26 | 000,087,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdm.sys -- (k600mdm)
    DRV - [2005/03/04 20:11:20 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdfl.sys -- (k600mdfl)
    DRV - [2005/03/04 20:08:50 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
    DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
    DRV - [2003/01/10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
    FF - prefs.js..extensions.enabledItems: {5F2715B7-B51D-4D1C-9E93-43378687EE5D}:1.9.1
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbd4e0c&v=7.004.022.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/01/21 22:39:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/06 12:13:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/02 15:17:22 | 000,000,000 | ---D | M]

    [2009/09/14 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
    [2011/08/02 14:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\1mbovgcd.default\extensions
    [2011/08/02 16:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/06 16:18:31 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/08/02 15:05:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/08/02 15:17:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MBOVGCD.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN\LOCAL SETTINGS\APPLICATION DATA\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}
    [2011/08/06 12:13:50 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/08/06 12:14:33 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2009/09/01 11:41:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/08/02 15:04:39 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/08/05 10:06:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\Robin\Start Menu\Programs\Accessories\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - File not found
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193693666062 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193693595625 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/07 18:40:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    [2011/08/06 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site_files
    [2011/08/06 13:24:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/06 12:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\AVG10
    [2011/08/06 12:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/06 12:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/08/06 12:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/06 12:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/08/06 11:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/06 11:36:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/08/05 09:56:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/05 09:52:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/05 09:52:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/05 09:52:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/05 09:52:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/05 09:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/05 09:52:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/05 09:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards_files
    [2011/08/05 09:31:38 | 006,640,296 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
    [2011/08/05 09:23:08 | 004,164,628 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
    [2011/08/04 18:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards_files
    [2011/08/04 18:34:08 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.scr
    [2011/08/04 17:00:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2011/08/03 17:31:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
    [2011/08/03 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WinZip
    [2011/08/03 12:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/08/03 11:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/08/02 22:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2011/08/02 22:04:18 | 000,000,000 | ---D | C] -- C:\ATI
    [2011/08/02 20:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\Sun
    [2011/08/02 16:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\OpenCandy
    [2011/08/02 16:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\OpenCandy
    [2011/08/02 16:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/08/02 16:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/08/02 15:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/08/02 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/08/02 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/08/02 14:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
    [2011/08/02 14:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\uTorrent
    [2011/08/02 14:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
    [2011/07/28 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/07/25 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
    [2011/07/22 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\uTorrent
    [2008/10/15 20:08:35 | 000,748,344 | ---- | C] (Sysinternals) -- C:\Program Files\Filemon.exe
    [2008/04/24 22:27:02 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2008/04/24 22:27:00 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/27 13:56:53 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2011/08/27 13:43:05 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2011/08/27 13:42:36 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/08/07 18:55:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
    [2011/08/07 18:46:05 | 127,267,075 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    [2011/08/07 18:36:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    [2011/08/07 18:36:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/07 18:36:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/07 18:36:32 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/07 10:16:33 | 000,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/07 10:16:33 | 000,054,788 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/07 10:16:33 | 000,054,788 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/07 10:16:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/08/07 10:16:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/08/07 10:13:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
    [2011/08/07 09:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/07 09:17:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
    [2011/08/07 09:17:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
    [2011/08/06 16:36:53 | 000,036,679 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site.htm
    [2011/08/06 12:14:05 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/06 11:50:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/06 10:51:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/08/05 12:50:02 | 000,328,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/08/05 12:03:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/05 10:06:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/05 09:35:57 | 000,129,822 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards.htm
    [2011/08/05 09:33:46 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
    [2011/08/05 09:24:19 | 004,164,628 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
    [2011/08/05 09:22:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\MBR.dat
    [2011/08/04 18:34:42 | 000,102,884 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.htm
    [2011/08/04 18:34:22 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.scr
    [2011/08/04 18:17:19 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe
    [2011/08/04 12:30:53 | 000,000,391 | -H-- | M] () -- C:\IPH.PH
    [2011/08/04 11:58:16 | 000,749,575 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\Socket Guarantee.PDF
    [2011/08/03 11:09:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/03 10:32:06 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/08/03 10:32:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/08/03 10:32:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/08/03 10:02:00 | 000,000,152 | ---- | M] () -- C:\WINDOWS\CoolPlay.ini
    [2011/08/02 22:08:15 | 000,000,183 | ---- | M] () -- C:\WINDOWS\setuplog
    [2011/08/02 16:21:10 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Convert.lnk
    [2011/08/02 16:16:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    [2011/08/02 16:15:07 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Google Chrome.lnk
    [2011/08/02 16:15:07 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/08/02 14:32:20 | 000,436,218 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110803-123035.backup
    [2011/08/02 14:16:52 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Update Checker.lnk
    [2011/08/02 14:00:49 | 000,428,373 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110802-143219.backup
    [2011/08/02 13:58:23 | 000,020,988 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_135807 1358 2-8-11.reg
    [2011/08/02 13:44:34 | 000,007,842 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134420 back up 1344 2-08-11.reg
    [2011/08/02 13:43:45 | 001,371,792 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134317 back up 1343 2-08-11.reg
    [2011/08/01 18:50:16 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/07/31 19:50:22 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/28 22:48:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/27 20:09:49 | 000,104,397 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\plugin-sleep_ebook.pdf
    [2011/07/13 18:01:56 | 000,172,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/07/11 22:34:37 | 000,044,565 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Robin & Dad.jpg
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  15. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    ========== Files Created - No Company Name ==========

    [2011/08/27 13:43:05 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2011/08/06 16:36:51 | 000,036,679 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site.htm
    [2011/08/06 12:14:05 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/08/05 12:01:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/08/05 09:56:47 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/08/05 09:56:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/05 09:52:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/05 09:52:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/05 09:52:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/05 09:52:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/05 09:52:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/05 09:35:56 | 000,129,822 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards.htm
    [2011/08/05 09:22:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\MBR.dat
    [2011/08/04 18:34:36 | 000,102,884 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.htm
    [2011/08/04 18:17:14 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe
    [2011/08/04 12:30:25 | 000,000,391 | -H-- | C] () -- C:\IPH.PH
    [2011/08/04 11:59:16 | 000,749,575 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\Socket Guarantee.PDF
    [2011/08/03 11:13:20 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
    [2011/08/03 11:09:54 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/03 10:31:57 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/08/02 22:12:49 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/08/02 22:12:49 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
    [2011/08/02 17:42:13 | 000,054,788 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/02 17:42:13 | 000,054,788 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/02 17:42:12 | 000,064,984 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/08/02 16:21:10 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Convert.lnk
    [2011/08/02 16:16:13 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    [2011/08/02 16:16:13 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
    [2011/08/02 16:15:07 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Google Chrome.lnk
    [2011/08/02 16:15:07 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/08/02 16:07:14 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
    [2011/08/02 16:07:12 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
    [2011/08/02 14:16:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Update Checker.lnk
    [2011/08/02 13:58:21 | 000,020,988 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_135807 1358 2-8-11.reg
    [2011/08/02 13:44:31 | 000,007,842 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134420 back up 1344 2-08-11.reg
    [2011/08/02 13:43:38 | 001,371,792 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134317 back up 1343 2-08-11.reg
    [2011/07/28 22:48:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/27 20:17:42 | 000,104,397 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\plugin-sleep_ebook.pdf
    [2011/07/25 09:50:08 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Desktop.lnk
    [2011/07/11 22:34:37 | 000,044,565 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Robin & Dad.jpg
    [2011/06/21 21:11:06 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08
    [2011/06/21 21:11:05 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08
    [2010/12/17 22:54:20 | 000,297,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/01/16 23:56:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
    [2010/01/03 15:06:54 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2010/01/03 15:06:54 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2010/01/03 15:06:54 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2010/01/03 15:06:54 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2010/01/03 15:06:54 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2010/01/03 15:06:54 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/11/18 22:03:35 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2009/11/07 13:06:55 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/09/26 11:29:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2009/08/21 18:47:37 | 000,000,203 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/07/12 20:33:31 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\dvd.bmk
    [2009/03/08 18:27:21 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/12/18 17:27:25 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\Boxworld.exe
    [2008/11/29 11:37:09 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/08/17 11:40:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/05/01 14:41:58 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
    [2008/05/01 14:16:59 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
    [2008/05/01 14:11:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2008/04/24 22:27:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2008/04/24 22:27:04 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/04/24 22:27:04 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/04/24 22:27:04 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
    [2008/04/24 22:27:04 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2008/04/24 22:27:04 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
    [2008/04/24 22:27:04 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/04/24 22:27:04 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/04/24 22:27:02 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/04/24 22:27:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
    [2008/04/24 22:27:02 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2008/04/24 22:27:01 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2008/03/10 19:54:01 | 000,029,574 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
    [2008/03/02 20:10:13 | 000,901,120 | R--- | C] () -- C:\Program Files\Settlers_1.adf
    [2008/01/12 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/01/08 13:15:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/01/28 18:24:00 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5B0180F91E.sys
    [2007/01/26 20:31:30 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1EF980015B.sys
    [2007/01/26 20:31:28 | 000,006,216 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/01/05 18:00:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2007/01/05 18:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2007/01/03 22:30:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
    [2006/12/31 12:54:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2006/12/29 19:53:54 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/19 08:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2006/12/12 11:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
    [2006/12/12 11:34:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
    [2006/12/04 19:16:38 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2006/10/28 14:07:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2006/10/25 21:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/25 20:44:33 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Sof.INI
    [2006/10/25 20:26:31 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\EADF0FF5ED.sys
    [2006/10/25 20:20:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
    [2006/10/25 20:18:48 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\wklnhst.dat
    [2006/10/25 20:05:07 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BA801026DF.sys
    [2006/10/25 19:58:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/25 19:54:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\fusioncache.dat
    [2006/10/19 14:46:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/10/19 14:42:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
    [2006/10/19 14:39:15 | 000,000,916 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/10/19 14:36:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/19 14:35:06 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/10/19 14:09:29 | 000,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/10/19 14:09:28 | 000,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2006/10/19 14:08:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/10/19 14:08:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/10/19 14:07:32 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:27:59 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 04:18:33 | 000,446,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 04:18:33 | 000,073,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/12 22:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/03/14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

    ========== LOP Check ==========

    [2010/10/30 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3131A
    [2008/04/06 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
    [2008/03/10 20:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodata Limited
    [2011/08/06 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/08/06 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/18 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/01/15 19:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2007/11/08 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/10/19 08:52:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/01/21 22:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/01/03 15:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2008/10/15 21:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2008/01/17 00:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/05/21 09:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
    [2011/08/06 12:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/10/02 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/05/05 21:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/03/09 18:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2010/12/17 16:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2011/08/02 11:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/09/29 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/06/07 09:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/02 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2006/10/19 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/01/03 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor
    [2011/08/02 16:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/11/27 15:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\alot
    [2010/10/21 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\AVG
    [2010/10/19 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\AVG10
    [2009/07/15 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/10/30 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\bearsharemediabartb
    [2009/02/18 15:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Canon
    [2010/10/14 09:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Foxit Software
    [2009/01/27 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\iolo
    [2008/06/11 13:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Leadertech
    [2009/06/30 20:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\LimeWire
    [2009/05/06 08:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\PC Suite
    [2010/12/08 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Teleca
    [2008/12/31 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Template
    [2010/01/07 13:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Ulead Systems
    [2010/12/31 19:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\uTorrent
    [2008/10/15 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2009/09/17 10:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/05/21 09:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
    [2011/08/03 13:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\471A38B5E31E62F5A5E71761DBE517AA
    [2011/07/08 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Alnyox
    [2011/08/06 12:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\AVG10
    [2009/12/22 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\AVG9
    [2009/07/03 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2011/05/17 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BitsPaper
    [2007/02/02 22:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BitTorrent
    [2006/12/25 13:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Canon
    [2009/06/02 19:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Cisco
    [2007/12/05 23:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\CoCreate
    [2009/12/27 16:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ElevatedDiagnostics
    [2011/03/13 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\eTeks
    [2008/10/02 19:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\FLV Extract
    [2010/12/01 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ICAClient
    [2009/03/04 18:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ieSpell
    [2009/08/26 20:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ImgBurn
    [2007/01/25 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Intervideo
    [2008/12/20 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\iolo
    [2011/05/17 18:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Kuem
    [2006/10/25 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Leadertech
    [2008/10/02 19:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\NCH Swift Sound
    [2010/12/14 22:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Nokia
    [2011/08/02 16:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\OpenCandy
    [2010/12/14 22:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PC Suite
    [2010/12/17 16:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PCDr
    [2011/05/21 09:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Seagate
    [2010/12/07 22:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Teleca
    [2006/10/25 20:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Template
    [2011/05/19 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Toqy
    [2010/01/04 00:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Ulead Systems
    [2011/08/02 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\uTorrent
    [2011/07/08 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Wiva
    [2011/08/27 13:43:05 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2011/08/27 13:42:36 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/08/27 13:56:53 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
    [2011/08/07 18:55:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/08/17 11:15:35 | 000,011,734 | ---- | M] () -- C:\B2K_FSK.pcm
    [2011/08/01 18:50:16 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/08/06 10:51:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/06/05 19:25:19 | 000,008,620 | ---- | M] () -- C:\bootex.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/08/06 11:36:55 | 000,036,716 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/10/19 14:12:12 | 000,005,959 | RH-- | M] () -- C:\dell.sdr
    [2008/09/06 10:53:48 | 000,000,144 | ---- | M] () -- C:\domains.dat
    [2011/08/07 18:36:32 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
    [2006/10/25 22:33:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2009/09/26 11:29:14 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/08/04 12:30:53 | 000,000,391 | -H-- | M] () -- C:\IPH.PH
    [2011/05/23 20:23:11 | 000,000,326 | ---- | M] () -- C:\MemeoSendAddin
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/12/23 12:50:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/07 18:36:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2007/12/01 16:35:43 | 000,000,134 | ---- | M] () -- C:\pmt.dat
    [2009/09/14 17:37:11 | 000,001,156 | ---- | M] () -- C:\reregisterie.cmd
    [2009/01/01 12:36:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/01/05 15:29:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/01/06 13:25:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/01/07 16:32:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/01/08 12:16:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/01/09 12:51:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/01/11 15:01:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/01/11 15:06:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/01/11 15:20:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/01/11 15:20:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/01/11 15:22:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/01/11 15:27:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/01/13 15:38:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/01/14 19:20:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/01/17 13:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/01/20 23:26:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/01/21 17:19:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/01/24 17:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/12/22 14:06:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/12/31 14:06:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/01/01 12:36:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/01/05 15:29:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/01/06 13:25:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/01/07 16:32:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/01/08 12:16:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/01/09 12:51:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/01/11 15:01:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/01/11 15:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/01/11 15:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/01/11 15:20:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/01/11 15:22:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/01/11 15:27:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/01/13 15:38:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/01/14 19:20:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/01/17 13:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/01/20 23:26:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/01/21 17:19:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/01/24 17:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/12/22 14:06:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/12/31 14:06:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2007/10/30 21:26:57 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
    [2011/08/05 16:05:45 | 000,004,826 | ---- | M] () -- C:\winzip.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/01/21 20:57:13 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2006/07/28 08:32:44 | 000,007,005 | ---- | M] () -- C:\Program Files\Eula.txt
    [2006/11/06 11:55:58 | 000,748,344 | ---- | M] (Sysinternals) -- C:\Program Files\Filemon.exe
    [2003/03/20 16:26:42 | 000,014,619 | ---- | M] () -- C:\Program Files\FILEMON.HLP
    [1999/09/21 20:16:14 | 000,901,120 | R--- | M] () -- C:\Program Files\Settlers_1.adf

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/12/23 12:56:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2006/10/19 14:30:41 | 000,494,520 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/10/25 19:54:34 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/05 09:33:46 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
    [2011/08/05 09:24:19 | 004,164,628 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
    [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
    [2011/08/04 18:17:19 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2009/11/16 19:58:14 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/10/25 19:54:34 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Robin\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/23 12:06:35 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Robin\Cookies\desktop.ini
    [2011/08/07 18:55:02 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Robin\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21

    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    I still need Extras.txt
     
  17. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    Extras.txt

    OTL Extras logfile created on: 07/08/2011 18:52:30 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Robin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1021.85 Mb Total Physical Memory | 325.42 Mb Available Physical Memory | 31.85% Memory free
    2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.52% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 218.89 Gb Total Space | 107.41 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive D: | 74.50 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

    Computer Name: FAMILY | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
    "10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
     
  18. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\1168812342\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1168812342\ee\aolsoftware.exe:*:Disabled:AOL Shared Components -- (America Online, Inc.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
    "{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
    "{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC97FBCD-448B-416C-A720-EBDEC9EF6340}" = AVerMedia DVB-T BDA Video Capture(A800)
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
    "{F48DC94B-E4EC-6F4C-6CA2-B3F2D13FF0FD}" = ATI Catalyst Install Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
    "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "CCleaner" = CCleaner
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "Dell Support Center" = Dell Support Center
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DVD Flick_is1" = DVD Flick
    "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader_is1" = Foxit Reader 5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Standard)
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "OBD-DIAG_is1" = OBD-DIAG V1.01.02
    "Photo DVD Maker Professional" = Photo DVD Maker Professional 7.78
    "Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter, (ver 5.0)
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 12.0" = RealPlayer
    "SpywareGuard_is1" = SpywareGuard v2.2
    "ST6UNST #1" = Date Cracker 2000
    "Tweak UI 2.10" = Tweak UI
    "uTorrent" = µTorrent
    "VideoEgg" = VideoEgg Publisher
    "VLC media player" = VLC media player 1.1.5
    "WavePad" = WavePad Sound Editor
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "Sweet Home 3D" = Sweet Home 3D
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 08/05/2011 05:50:52 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
    Description = Event Info: Unable to link service to lineup File validation error
    - mismatched guide package. The Guide listings service is not currently available.
    Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


    [ Cisco AnyConnect VPN Client Events ]
    Error - 15/07/2009 15:54:06 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    Error - 29/07/2009 07:10:20 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 29/07/2009 07:10:20 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    Error - 01/09/2009 06:41:39 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 01/09/2009 06:41:39 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    Error - 09/09/2009 06:42:46 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 09/09/2009 06:42:46 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    Error - 12/09/2009 03:33:43 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 14/09/2009 15:43:22 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
    Description = Termination reason code 7: The agent has been stopped.

    Error - 14/09/2009 15:43:22 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    [ OSession Events ]
    Error - 19/04/2010 13:05:39 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 05/05/2011 12:01:52 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 09/05/2011 06:27:19 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Dnscache service.

    Error - 09/05/2011 06:28:55 | Computer Name = FAMILY | Source = DCOM | ID = 10010
    Description = The server {CD621DE4-2AA5-4468-ADF1-087A05891DA7} did not register
    with DCOM within the required timeout.

    Error - 10/05/2011 07:53:29 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/05/2011 14:08:05 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 001676DC332D.

    Error - 13/05/2011 12:37:14 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 001676DC332D.

    Error - 15/05/2011 04:57:16 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 001676DC332D.

    Error - 16/05/2011 09:27:04 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 17/05/2011 06:46:56 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 19/05/2011 06:39:08 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 001676DC332D.

    Error - 21/05/2011 03:54:00 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  19. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    I noticed that the following link is not actually on my C drive:

    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"

    I offloaded that last year, after my missus downloaded it, but thought that I had removed it completely. I guess not!
     
  20. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    How is the computer doing?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
      O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
      O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
      O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - File not found
      O15 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (Reg Error: Key error.)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/06/21 21:11:06 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08
      [2011/06/21 21:11:05 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08
      [2007/01/28 18:24:00 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5B0180F91E.sys
      [2007/01/26 20:31:30 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1EF980015B.sys
      [2006/10/25 20:26:31 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\EADF0FF5ED.sys
      [2006/10/19 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
      [2010/10/30 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\bearsharemediabartb
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  21. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    Computer is behaving itself, which is all good! :) Thanks!
    I'll crack on with your request and will revert.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    OK :)............
     
  23. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
    C:\WINDOWS\Downloaded Program Files\PhotoUploader5.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
    C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
    Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
    C:\WINDOWS\Downloaded Program Files\CabSA.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {A3256902-51FA-45A0-8A97-FC1143C169D9}
    C:\WINDOWS\Downloaded Program Files\DiagWebControl.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    C:\WINDOWS\System32\SET1B8.tmp deleted successfully.
    C:\WINDOWS\System32\SET368.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08 moved successfully.
    C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08 moved successfully.
    C:\WINDOWS\system32\5B0180F91E.sys moved successfully.
    C:\WINDOWS\system32\1EF980015B.sys moved successfully.
    C:\WINDOWS\system32\EADF0FF5ED.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
    C:\Documents and Settings\Jill\Application Data\bearsharemediabartb folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56468 bytes

    User: Jill
    ->Temp folder emptied: 84620613 bytes
    ->Temporary Internet Files folder emptied: 38254792 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 110046424 bytes
    ->Flash cache emptied: 11714 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Robin
    ->Temp folder emptied: 19282763 bytes
    ->Temporary Internet Files folder emptied: 8763939 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44220087 bytes
    ->Google Chrome cache emptied: 422016602 bytes
    ->Flash cache emptied: 59565 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109186 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 694.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jill
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Robin
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08072011_194925

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  24. rockyrob

    rockyrob TS Rookie Topic Starter Posts: 21

    Security Check results...

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 15
    Java(TM) 7
    Out of date Java installed!
    Adobe Flash Player 10.3.181.26
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  25. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset...
     
Topic Status:
Not open for further replies.
