Hello,

Two days ago I obtained a malware infection. It was the type that would come up in a pop-up: "warning, your computer is infected with malware", press 'ok' to continue (I did NOT press ok), but damage was done. It then showed an image of a download taking place; when I saw this I ended the firefox.exe process in Task Manager.

I have been running scans with recommended programs like Spybot S&D, Malwarebytes, Hitman Pro and TDSSKiller (removing all files they suggested).

MalwareBytes continually shows a malware.trace on the Registry key item HKEY_CURRENT_USER\Software\WinServers. It says that it was removed successfully, but after a while it comes back.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:09 PM, on 9/08/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-au.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D613EA6E-EF9E-4D19-8E8E-954CE41F1A2D}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13602 bytes


For some reason I can't edit my original post. Here are some extra scans I made.
NOTE: My computer crashed when GMER was scanning to create the GMERTwo document, so I only have the 1st one.

I have already run Malwarebytes so many times that it only comes up with the problem I discussed in my earlier post.

Hi and welcome to the Daniweb forums :).

==========

Please post the MBA_M log anyway.
Please do not attach your logs (unless requested). Paste them as you have done with the hijackthis log.

Thanks for the welcome and tips :)

Here is MalwareBytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

9/08/2010 3:11:21 PM
mbam-log-2010-08-09 (15-11-21).txt

Scan type: Quick scan
Objects scanned: 149811
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


^Now there are these two that keep reappearing.^


Here is my DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dale at 14:30:09.97 on Mon 09/08/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.61.1033.18.2039.927 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\libusbd-nt.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Dale\Desktop\DaniWeb\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [WebCamRT.exe]
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Antivirus] "c:\program files\anvi\avt.exe" -noscan
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [<NO NAME>]
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [SweetIM] c:\program files\macrogaming\sweetim\SweetIM.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel Photo Downloader.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: &AOL Toolbar Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: line6.net
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-au.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {D613EA6E-EF9E-4D19-8E8E-954CE41F1A2D} = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dale\appdata\roaming\mozilla\firefox\profiles\epssrz6y.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\dale\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-8 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-8 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-13 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-13 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-13 243024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-8 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-8 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-3-3 14976]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-9 1153368]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-5-3 33792]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2007-4-10 596480]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\drivers\L6UX2.sys [2010-3-24 571008]

=============== Created Last 30 ================

2010-08-09 01:44:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 01:44:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 01:44:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 15:13:47 0 d-----w- c:\windows\system32\Lang
2010-08-08 14:29:08 266448009 ----a-w- c:\windows\MEMORY.DMP
2010-08-08 14:06:56 98816 ----a-w- c:\windows\sed.exe
2010-08-08 14:06:56 77312 ----a-w- c:\windows\MBR.exe
2010-08-08 14:06:56 256512 ----a-w- c:\windows\PEV.exe
2010-08-08 14:06:56 161792 ----a-w- c:\windows\SWREG.exe
2010-08-08 14:06:45 0 d-s---w- C:\ComboFix
2010-08-08 02:46:50 2396859 ----a-w- C:\MGtools.exe
2010-08-08 01:46:00 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-08-08 01:43:27 875296 ----a-w- c:\users\dale\jxpiinstall-rv.exe
2010-08-08 01:31:57 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-08 01:31:55 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-08 01:31:48 38848 ----a-w- c:\windows\avastSS.scr
2010-08-08 01:31:41 0 d-----w- c:\programdata\Alwil Software
2010-08-08 01:20:16 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-07 03:11:36 0 d-----w- c:\users\dale\appdata\roaming\QuickScan
2010-08-07 02:46:33 0 d-----w- c:\program files\CCleaner
2010-08-07 02:31:25 64 ----a-w- c:\windows\wininit.ini
2010-08-07 02:03:16 496 ----a-w- c:\windows\system32\.crusader
2010-08-07 01:45:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-07 01:42:47 0 d-----w- c:\programdata\Hitman Pro
2010-08-07 01:42:42 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-01 11:35:17 379927 ----a-w- c:\users\dale\pedobear_stephanie_sex.gif
2010-07-24 13:18:24 144777 ----a-w- c:\users\dale\render.nike.com.jpg
2010-07-23 14:14:51 35328 ----a-w- c:\users\dale\Info From AmazonXD on LUCID DREAMING.doc
2010-07-20 13:48:12 1530421 ----a-w- c:\users\dale\secretary owned.gif
2010-07-20 13:48:04 1946591 ----a-w- c:\users\dale\pie time.gif
2010-07-20 13:47:57 2016320 ----a-w- c:\users\dale\take tehe stairs.gif
2010-07-20 13:47:48 1487163 ----a-w- c:\users\dale\hot dancing.gif
2010-07-20 13:47:40 861242 ----a-w- c:\users\dale\wow they are junping.gif
2010-07-20 13:45:52 1060328 ----a-w- c:\users\dale\sit ups have never looked so good.gif
2010-07-20 13:45:25 1904992 ----a-w- c:\users\dale\stage fail gif.gif
2010-07-19 02:53:44 61872 ----a-w- c:\windows\system32\HSlide32.OCX
2010-07-19 02:53:44 61360 ----a-w- c:\windows\system32\VSLIDE32.OCX
2010-07-19 02:53:44 200704 ----a-w- c:\windows\system32\Threed32.ocx
2010-07-19 02:53:43 89600 ----a-w- c:\windows\system32\GRID32.OCX
2010-07-19 02:53:43 78848 ----a-w- c:\windows\system32\MSOUTL32.OCX
2010-07-19 02:53:43 68520 ----a-w- c:\windows\system32\MIDIIO32.OCX
2010-07-19 02:53:43 59304 ----a-w- c:\windows\system32\MIDIFL32.OCX
2010-07-19 02:53:41 60 ----a-w- c:\users\dale\CUSTDATA.INI
2010-07-19 02:53:41 0 d-----w- c:\program files\Chord Buster
2010-07-16 23:52:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 14:21:22 279552 ----a-w- c:\users\dale\GOLDFISH BRAND Curry.doc

==================== Find3M ====================

2010-08-08 15:13:46 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-08 15:13:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-08 15:13:36 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-03 04:59:30 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-28 04:45:29 31662 ----a-w- c:\users\dale\appdata\roaming\wklnhst.dat
2010-07-16 23:52:56 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 23:52:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-27 00:58:02 50792 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-06-27 00:54:06 966213 ----a-w- c:\users\dale\tdsskiller.zip
2008-12-12 23:14:09 174 --sha-w- c:\program files\desktop.ini
2008-10-19 01:00:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-10-20 07:46:42 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-10-20 07:46:42 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-10-20 07:46:42 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-06-08 11:19:14 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-11-03 13:10:52 88 --sh--r- c:\windows\system32\E2246F4A91.sys
2009-10-10 04:43:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101020091011\index.dat

============= FINISH: 14:30:38.06 ===============


Here is my Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 19/04/2007 6:21:36 AM
System Uptime: 8/09/2010 2:02:35 PM (-720 hours ago)

Motherboard: ECS | | Livermore
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 9.462 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.871 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
S: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A57&REV_1000\4&249EB704&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A57&REV_1000\4&249EB704&0&0001
Service: IntcAzAudAddService

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
7-Zip 4.44 beta
Acoustica Beatcraft
Acoustica CD/DVD Label Maker
Acoustica Effects Pack
Adobe Audition 3.0
Adobe Captivate 3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player
AIM 6
AnalogX DXMan
Antares Autotune VST RTAS TDM v5.08
Antares Filter VST DX v1.01
Any Video Converter 2.0.8
AnyDVD
AnyReader
AoA Audio Extractor
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
Ashampoo Burning Studio 8.02
ASIO4ALL
µTorrent
AusLogics Disk Defrag
AusLogics System Information
avast! Pro Antivirus
AVG Free 9.0
BitTorrent 5.0.9
Bonjour
BufferChm
C5300
Celemony Melodyne Plugin VST RTAS v1.0
ConvertXtoDVD 3.3.4.106e
Cool Edit Pro 2.1
Corel Paint Shop Pro Photo XI
Corel Snapfire
Deep Fritz 11
Destination Component
DeviceDiscovery
DVD Decrypter (Remove Only)
DVD Play
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
Enhanced Multimedia Keyboard Solution
EphPod
ffdshow [rev 1723] [2007-12-24]
Google Earth
GPBaseService2
GSpot Codec Information Appliance
Guitar Chord Buster Pro 4.4.2
Guitar Pro 5.2
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Participation Program 12.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 12.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hyperprism 2.5.0
IK Multimedia Amplitube DX/VST/RTAS v2.0
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
iZotope iDrum
iZotope iDrum Factory Content
iZotope Ozone 4
iZotope RX
iZotope Spectron
iZotope Trash
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LibUSB-Win32-0.1.10.1
LightScribe 1.4.142.1
Line 6 Uninstaller
Logitech Audio Echo Cancellation Component
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Video Enumerator
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
MarketResearch
Melodyne 3.1
Melodyne plugin
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Inventory Analyzer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 5.0
MVision
Nero 8
neroxml
OLYMPUS Master 2
OLYMPUS muvee theaterPack
OVT Scanner
Pacific Poker
PaltalkScene
PartyPoker
PeerGuardian 2.0
PFConfig 1.0.232
PKR
PokerStars
Power Tab Editor 1.7
PowerCinema
Project64 1.6
PS_AIO_04_C5300_Software_Min
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Video Capture
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Shop for HP Supplies
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonalksis Plug-Ins for Windows 2.00
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Spybot - Search & Destroy
Status
Steinberg Cubase SX v1.0.6.78
Steinberg Voice Designer v1.03
Steinberg VoiceMachine v1.0
STOIK Video Converter 2
TC Native Bundle v3.1
Titan Poker
Toolbox
TrayApp
Ultra Video Splitter 5.2.1126
Uninstall DreamSuite Bonus
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb971933)
VCRedistSetup
VLC media player 1.0.5
VMware Workstation
Waves Diamond Bundle v5.0
Waves GTR 3
Waves Masters
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 11.2
Xilisoft DVD Creator
Xilisoft Video Converter Ultimate
Xilisoft Video Editor
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

9/08/2010 2:03:02 PM, Error: EventLog [6008] - The previous system shutdown at 2:01:56 PM on 9/08/2010 was unexpected.
9/08/2010 12:42:19 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D613EA6E-EF9E-4D19-8E8E-954CE41F1A2D} because another computer on the network has the same name. The server could not start.
9/08/2010 12:30:23 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KASEY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D613EA6E-EF9E-4D19-8E8E-954CE41F1A2D. The master browser is stopping or an election is being forced.
9/08/2010 12:29:11 AM, Error: EventLog [6008] - The previous system shutdown at 12:26:23 AM on 9/08/2010 was unexpected.
9/08/2010 12:11:15 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/08/2010 12:10:50 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
9/08/2010 10:12:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
9/08/2010 1:06:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi AvgLdx86 AvgMfx86 ElbyCDIO SABKUTIL spldr Wanarpv6
8/08/2010 9:04:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
8/08/2010 9:04:53 PM, Error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
8/08/2010 11:31:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/08/2010 11:19:47 AM, Error: VDS Dynamic Provider 2.0 [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
75436011
75436011
7/08/2010 9:33:52 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/08/2010 9:22:10 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
7/08/2010 9:22:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.
7/08/2010 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
7/08/2010 8:56:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC ElbyCDIO NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 8:56:48 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/08/2010 7:42:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/08/2010 6:27:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
7/08/2010 6:27:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/08/2010 6:27:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/08/2010 6:27:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 ElbyCDIO spldr Wanarpv6
7/08/2010 6:27:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/08/2010 6:14:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/08/2010 5:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/08/2010 5:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/08/2010 5:51:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/08/2010 5:51:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/08/2010 5:51:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/08/2010 5:51:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/08/2010 5:51:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/08/2010 5:51:42 PM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
7/08/2010 4:16:49 PM, Error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
7/08/2010 4:16:48 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
7/08/2010 12:08:04 PM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
7/08/2010 1:32:12 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
6/08/2010 3:10:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
6/08/2010 3:07:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
6/08/2010 11:40:39 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
6/08/2010 11:39:16 AM, Error: Print [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
6/08/2010 11:39:16 AM, Error: Print [19] - The print spooler failed to share printer Microsoft Office Document Image Writer with shared resource name Microsoft Office Document Image Writer. Error 2114. The printer cannot be used by others on the network.
6/08/2010 11:39:16 AM, Error: Print [19] - The print spooler failed to share printer HP Photosmart C5300 series with shared resource name HP Photosmart C5300 series. Error 2114. The printer cannot be used by others on the network.
6/08/2010 11:39:16 AM, Error: Print [19] - The print spooler failed to share printer Brother DCP-115C USB with shared resource name Brother DCP-115C USB. Error 2114. The printer cannot be used by others on the network.
2/08/2010 8:49:39 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/08/2010 11:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================


Here is my GMEROne

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-09 13:50:52
Windows 6.0.6000
Running: llwwnitu.exe; Driver: C:\Users\Dale\AppData\Local\Temp\kwtdypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x90E74B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys

---- EOF - GMER 1.0.15 ----

^Now there are these two that keep reappearing.^

Probably because of either Spybot S&D or another anti-spyware real-time scanner you have running.
The entries are probably getting re-instated.
Disable your internet connection, then disable all your anti-spyware stuff and run MBA_M again.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Probably because of either Spybot S&D or another anti-spyware real-time scanner you have running.
The entries are probably getting re-instated.
Disable your internet connection, then disable all your anti-spyware stuff and run MBA_M again.

After reboot MBAM scan comes up clean :)

OTL

OTL logfile created on: 9/08/2010 6:42:48 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dale\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.10 Gb Total Space | 9.50 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive D: | 5.94 Gb Total Space | 0.87 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 484.73 Mb Total Space | 332.75 Mb Free Space | 68.65% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
PRC - [2010/07/17 09:52:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 09:52:55 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 09:52:55 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 09:52:03 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 09:52:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/26 22:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/25 15:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 15:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 15:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/17 13:05:16 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/04/06 00:14:59 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/15 20:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/19 00:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/11/29 07:09:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/09/28 23:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
MOD - [2006/11/02 19:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/22 17:16:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/16 19:29:40 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/09 09:03:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dale\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/17 09:52:56 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:52:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/29 06:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/29 06:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/03 09:13:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/24 07:19:04 | 000,571,008 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6UX2.sys -- (L6UX2)
DRV - [2009/03/26 22:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/03/26 22:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/03/26 22:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/03/26 22:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/03/26 22:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/03/26 16:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/03/26 16:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/12/01 10:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/11/13 05:57:24 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/07/21 22:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/10 10:08:46 | 000,596,480 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2007/01/19 04:56:00 | 001,729,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/15 14:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/29 07:39:52 | 001,476,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/12/13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/31 09:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:48:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/07 14:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 10:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 15:30:17 | 000,000,000 | ---D | M]

[2009/02/13 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Extensions
[2010/08/09 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions
[2010/06/27 13:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 21:19:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/28 11:33:29 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/27 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\firefox@red-cog.com
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\SkipScreen@SkipScreen
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\FireFox\Profiles\epssrz6y.default\searchplugins\BearShareWebSearch.xml
[2010/08/08 11:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/16 10:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/08/07 16:00:19 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [WebCamRT.exe] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 00:16:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 17:35:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2010/08/09 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\DaniWeb
[2010/08/09 12:01:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077
[2010/08/09 11:44:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/09 11:44:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/09 11:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 11:43:43 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dale\Desktop\mbam-setup-1.46.exe
[2010/08/09 11:28:37 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Dale\Desktop\spybotsd162.exe
[2010/08/09 01:13:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/08/09 00:26:25 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\temp
[2010/08/09 00:06:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:06:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:06:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:06:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:06:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:06:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/09 00:03:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/08 11:46:00 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/08 11:43:27 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Dale\jxpiinstall-rv.exe
[2010/08/08 11:31:58 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/08 11:31:58 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/08 11:31:57 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/08/08 11:31:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/08 11:31:57 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/08 11:31:55 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/08 11:31:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/08 11:31:47 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/08 11:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/07 20:57:47 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dale\Desktop\TDSSKiller.exe
[2010/08/07 20:57:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\tdsskiller
[2010/08/07 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\QuickScan
[2010/08/07 12:59:28 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\TFC.exe
[2010/08/07 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/07 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/07 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/07 11:40:30 | 006,289,216 | ---- | C] (SurfRight B.V.) -- C:\Users\Dale\Desktop\HitmanPro35.exe
[2010/08/06 13:13:09 | 073,473,320 | ---- | C] ( ) -- C:\Users\Dale\Desktop\setup_9.0.0.722_05.08.2010_15-32.exe
[2010/08/03 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\federer
[2010/07/27 23:20:56 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\GRAND FINAL
[2010/07/19 12:53:44 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Threed32.ocx
[2010/07/19 12:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Chord Buster
[2010/07/17 09:52:55 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/01 18:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\38E4
[2010/07/01 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\BearShare
[2010/07/01 18:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/07/01 18:19:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\PackageAware
[2010/06/28 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fedichini
[2010/06/28 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fed
[2010/06/27 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/27 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/06/26 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Malwarebytes
[2010/06/26 08:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 14:22:22 | 000,000,000 | ---D | C] -- C:\Users\Dale\cadogan
[2010/06/01 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Dale\GTR presets
[2010/05/26 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\2010-05 (May)
[2010/05/20 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\KC
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Dale\Desktop\*.tmp files -> C:\Users\Dale\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/09 18:42:58 | 009,175,040 | -HS- | M] () -- C:\Users\Dale\ntuser.dat
[2010/08/09 18:31:01 | 000,721,096 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/09 18:31:01 | 000,625,590 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/09 18:31:01 | 000,109,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/09 18:24:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 18:24:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 18:24:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/09 18:24:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/09 18:24:04 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 18:22:21 | 002,941,822 | -H-- | M] () -- C:\Users\Dale\AppData\Local\IconCache.db
[2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2010/08/09 15:11:13 | 000,001,006 | ---- | M] () -- C:\Users\Dale\Desktop\mbam-log-2010-08-09 (15-11-02)NEWEST
[2010/08/09 14:55:31 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 14:32:05 | 000,000,000 | ---- | M] () -- C:\Users\Dale\AppData\Local\prvlcl.dat
[2010/08/09 13:34:48 | 000,293,376 | ---- | M] () -- C:\Users\Dale\Desktop\llwwnitu.exe
[2010/08/09 12:00:52 | 001,074,232 | ---- | M] () -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/09 11:17:23 | 063,098,205 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/09 01:14:32 | 000,005,892 | ---- | M] () -- C:\Users\Dale\AppData\Local\d3d9caps.dat
[2010/08/09 00:29:37 | 266,448,009 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/08 21:05:08 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2010/08/08 20:38:07 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/08 13:00:59 | 003,816,812 | R--- | M] () -- C:\Users\Dale\Desktop\ComboFix.exe
[2010/08/08 12:55:15 | 000,199,168 | ---- | M] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 12:48:59 | 000,000,945 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/08 12:27:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/08 11:46:25 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/08 11:46:00 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/08 11:31:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/08 09:13:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Dale\Desktop\spybotsd162.exe
[2010/08/08 09:05:12 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dale\Desktop\mbam-setup-1.46.exe
[2010/08/07 20:52:34 | 001,130,629 | ---- | M] () -- C:\Users\Dale\Desktop\tdsskiller.zip
[2010/08/07 20:38:08 | 000,511,268 | ---- | M] () -- C:\Users\Dale\Documents\cc_20100807_2037.reg
[2010/08/07 18:44:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/07 16:00:19 | 000,000,021 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/07 13:34:03 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/07 12:59:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\TFC.exe
[2010/08/07 12:34:24 | 000,000,496 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/08/07 12:31:25 | 000,000,064 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/07 11:44:43 | 006,289,216 | ---- | M] (SurfRight B.V.) -- C:\Users\Dale\Desktop\HitmanPro35.exe
[2010/08/06 13:38:36 | 073,473,320 | ---- | M] ( ) -- C:\Users\Dale\Desktop\setup_9.0.0.722_05.08.2010_15-32.exe
[2010/08/04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dale\Desktop\TDSSKiller.exe
[2010/08/03 14:59:30 | 000,004,182 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/08/01 21:35:18 | 000,379,927 | ---- | M] () -- C:\Users\Dale\pedobear_stephanie_sex.gif
[2010/07/30 10:08:10 | 003,408,874 | ---- | M] () -- C:\Users\Dale\Desktop\bobby flynn- animal.mp3
[2010/07/28 14:45:29 | 000,031,662 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\wklnhst.dat
[2010/07/28 14:43:10 | 000,026,234 | ---- | M] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.rtf
[2010/07/28 14:42:51 | 000,034,304 | ---- | M] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.doc
[2010/07/28 14:35:03 | 000,020,992 | ---- | M] () -- C:\Users\Dale\Documents\Matthew Cheetham Resume 2010-1.wps
[2010/07/26 19:39:43 | 004,213,005 | ---- | M] () -- C:\Users\Dale\Desktop\Ryan Adams - Cry On Demand.mp3
[2010/07/24 23:18:25 | 000,144,777 | ---- | M] () -- C:\Users\Dale\render.nike.com.jpg
[2010/07/24 00:14:52 | 000,035,328 | ---- | M] () -- C:\Users\Dale\Info From AmazonXD on LUCID DREAMING.doc
[2010/07/21 14:24:40 | 002,396,859 | ---- | M] () -- C:\MGtools.exe
[2010/07/20 23:51:57 | 002,016,320 | ---- | M] () -- C:\Users\Dale\take tehe stairs.gif
[2010/07/20 23:50:24 | 001,946,591 | ---- | M] () -- C:\Users\Dale\pie time.gif
[2010/07/20 23:50:09 | 001,530,421 | ---- | M] () -- C:\Users\Dale\secretary owned.gif
[2010/07/20 23:49:45 | 001,487,163 | ---- | M] () -- C:\Users\Dale\hot dancing.gif
[2010/07/20 23:48:45 | 000,861,242 | ---- | M] () -- C:\Users\Dale\wow they are junping.gif
[2010/07/20 23:46:34 | 001,904,992 | ---- | M] () -- C:\Users\Dale\stage fail gif.gif
[2010/07/20 23:46:05 | 001,060,328 | ---- | M] () -- C:\Users\Dale\sit ups have never looked so good.gif
[2010/07/19 23:24:16 | 000,000,671 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\vso_ts_preview.xml
[2010/07/19 12:53:41 | 000,000,060 | ---- | M] () -- C:\Users\Dale\CUSTDATA.INI
[2010/07/17 09:52:56 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/17 09:52:55 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/17 09:52:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/17 00:21:52 | 000,279,552 | ---- | M] () -- C:\Users\Dale\GOLDFISH BRAND Curry.doc
[2010/07/08 09:56:51 | 000,025,600 | ---- | M] () -- C:\Users\Dale\Matthew_Cheetham_cover_letterKGrange.doc
[2010/07/03 17:06:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/02 17:49:45 | 000,024,064 | ---- | M] () -- C:\Users\Dale\MW2 shotgun.doc
[2010/07/02 08:56:24 | 000,029,184 | ---- | M] () -- C:\Users\Dale\Mark Chapter 12 Verses 41 to 44.doc
[2010/06/29 06:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/29 06:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/29 06:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/29 06:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/27 14:58:06 | 000,131,248 | ---- | M] () -- C:\Users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/27 12:57:53 | 000,464,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/27 10:54:06 | 000,966,213 | ---- | M] () -- C:\Users\Dale\tdsskiller.zip
[2010/06/23 20:03:27 | 000,025,600 | ---- | M] () -- C:\Users\Dale\Desktop\Matthew_Cheetham_cover_letter.doc
[2010/06/16 22:56:23 | 000,024,576 | ---- | M] () -- C:\Users\Dale\Federer.doc
[2010/06/07 13:10:20 | 000,001,818 | ---- | M] () -- C:\Users\Dale\Desktop\POD Farm 2.lnk
[2010/06/03 09:13:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/27 14:07:54 | 000,019,968 | ---- | M] () -- C:\Users\Dale\This won me a TV.doc
[2010/05/25 00:07:16 | 007,230,274 | ---- | M] () -- C:\Users\Dale\Desktop\11 - félperc - L.I.F.E.mp3
[2010/05/19 22:47:33 | 000,029,696 | ---- | M] () -- C:\Users\Dale\Yellow curry.doc
[2010/05/19 21:40:34 | 000,009,287 | -HS- | M] () -- C:\Users\Dale\Desktop\Folder.jpg
[2010/05/19 21:40:34 | 000,002,449 | -HS- | M] () -- C:\Users\Dale\Desktop\AlbumArtSmall.jpg
[2010/05/18 13:38:11 | 000,000,162 | -H-- | M] () -- C:\Users\Dale\Desktop\~$CARD2.doc
[2010/05/13 13:43:25 | 000,000,520 | ---- | M] () -- C:\TPAIN IMPERSONATE.cpart
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Dale\Desktop\*.tmp files -> C:\Users\Dale\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 15:11:13 | 000,001,006 | ---- | C] () -- C:\Users\Dale\Desktop\mbam-log-2010-08-09 (15-11-02)NEWEST
[2010/08/09 13:34:44 | 000,293,376 | ---- | C] () -- C:\Users\Dale\Desktop\llwwnitu.exe
[2010/08/09 12:00:49 | 001,074,232 | ---- | C] () -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/09 11:44:22 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 11:08:56 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/09 00:29:08 | 266,448,009 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/09 00:06:56 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:06:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 13:00:58 | 003,816,812 | R--- | C] () -- C:\Users\Dale\Desktop\ComboFix.exe
[2010/08/08 12:46:50 | 002,396,859 | ---- | C] () -- C:\MGtools.exe
[2010/08/08 11:45:25 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/07 20:57:39 | 001,130,629 | ---- | C] () -- C:\Users\Dale\Desktop\tdsskiller.zip
[2010/08/07 20:37:36 | 000,511,268 | ---- | C] () -- C:\Users\Dale\Documents\cc_20100807_2037.reg
[2010/08/07 18:44:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/07 12:31:25 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/07 12:03:16 | 000,000,496 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/08/07 11:45:31 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/01 21:35:17 | 000,379,927 | ---- | C] () -- C:\Users\Dale\pedobear_stephanie_sex.gif
[2010/07/30 10:08:09 | 003,408,874 | ---- | C] () -- C:\Users\Dale\Desktop\bobby flynn- animal.mp3
[2010/07/28 14:43:10 | 000,026,234 | ---- | C] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.rtf
[2010/07/28 14:35:03 | 000,020,992 | ---- | C] () -- C:\Users\Dale\Documents\Matthew Cheetham Resume 2010-1.wps
[2010/07/26 19:31:47 | 004,213,005 | ---- | C] () -- C:\Users\Dale\Desktop\Ryan Adams - Cry On Demand.mp3
[2010/07/26 00:53:22 | 000,001,308 | ---- | C] () -- C:\Users\Dale\shoe size- my name is earl.txt
[2010/07/24 23:18:24 | 000,144,777 | ---- | C] () -- C:\Users\Dale\render.nike.com.jpg
[2010/07/24 16:04:19 | 000,000,423 | ---- | C] () -- C:\Users\Dale\UTUBE.txt
[2010/07/24 00:14:51 | 000,035,328 | ---- | C] () -- C:\Users\Dale\Info From AmazonXD on LUCID DREAMING.doc
[2010/07/22 23:37:12 | 000,000,097 | ---- | C] () -- C:\Users\Dale\IMDB.txt
[2010/07/20 23:48:12 | 001,530,421 | ---- | C] () -- C:\Users\Dale\secretary owned.gif
[2010/07/20 23:48:04 | 001,946,591 | ---- | C] () -- C:\Users\Dale\pie time.gif
[2010/07/20 23:47:57 | 002,016,320 | ---- | C] () -- C:\Users\Dale\take tehe stairs.gif
[2010/07/20 23:47:48 | 001,487,163 | ---- | C] () -- C:\Users\Dale\hot dancing.gif
[2010/07/20 23:47:40 | 000,861,242 | ---- | C] () -- C:\Users\Dale\wow they are junping.gif
[2010/07/20 23:45:52 | 001,060,328 | ---- | C] () -- C:\Users\Dale\sit ups have never looked so good.gif
[2010/07/20 23:45:25 | 001,904,992 | ---- | C] () -- C:\Users\Dale\stage fail gif.gif
[2010/07/19 12:53:44 | 000,061,872 | ---- | C] () -- C:\Windows\System32\HSlide32.OCX
[2010/07/19 12:53:44 | 000,061,360 | ---- | C] () -- C:\Windows\System32\VSLIDE32.OCX
[2010/07/19 12:53:43 | 000,068,520 | ---- | C] () -- C:\Windows\System32\MIDIIO32.OCX
[2010/07/19 12:53:43 | 000,059,304 | ---- | C] () -- C:\Windows\System32\MIDIFL32.OCX
[2010/07/19 12:53:41 | 000,000,060 | ---- | C] () -- C:\Users\Dale\CUSTDATA.INI
[2010/07/17 00:21:22 | 000,279,552 | ---- | C] () -- C:\Users\Dale\GOLDFISH BRAND Curry.doc
[2010/07/13 11:14:52 | 000,011,867 | ---- | C] () -- C:\Users\Dale\In the skin tab.txt
[2010/07/11 15:52:17 | 000,001,081 | ---- | C] () -- C:\Users\Dale\good p GET.txt
[2010/07/08 09:56:51 | 000,025,600 | ---- | C] () -- C:\Users\Dale\Matthew_Cheetham_cover_letterKGrange.doc
[2010/07/02 17:49:44 | 000,024,064 | ---- | C] () -- C:\Users\Dale\MW2 shotgun.doc
[2010/07/02 08:55:42 | 000,029,184 | ---- | C] () -- C:\Users\Dale\Mark Chapter 12 Verses 41 to 44.doc
[2010/06/27 11:31:08 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/06/27 10:53:49 | 000,966,213 | ---- | C] () -- C:\Users\Dale\tdsskiller.zip
[2010/06/16 22:56:23 | 000,024,576 | ---- | C] () -- C:\Users\Dale\Federer.doc
[2010/06/11 00:53:08 | 000,000,028 | ---- | C] () -- C:\Users\Dale\spanish.txt
[2010/06/10 13:13:52 | 000,000,386 | ---- | C] () -- C:\Users\Dale\Nadal federer wimbledon.txt
[2010/06/07 13:10:20 | 000,001,818 | ---- | C] () -- C:\Users\Dale\Desktop\POD Farm 2.lnk
[2010/05/31 13:59:16 | 000,000,419 | ---- | C] () -- C:\Users\Dale\fedbestclass.txt
[2010/05/28 11:50:16 | 000,000,363 | ---- | C] () -- C:\Users\Dale\gellar.txt
[2010/05/27 18:54:42 | 000,000,147 | ---- | C] () -- C:\Users\Dale\My entry for 3D tv.txt
[2010/05/27 14:07:54 | 000,019,968 | ---- | C] () -- C:\Users\Dale\This won me a TV.doc
[2010/05/25 00:05:26 | 007,230,274 | ---- | C] () -- C:\Users\Dale\Desktop\11 - félperc - L.I.F.E.mp3
[2010/05/19 22:47:33 | 000,029,696 | ---- | C] () -- C:\Users\Dale\Yellow curry.doc
[2010/05/18 13:38:11 | 000,000,162 | -H-- | C] () -- C:\Users\Dale\Desktop\~$CARD2.doc
[2010/05/13 13:43:25 | 000,000,520 | ---- | C] () -- C:\TPAIN IMPERSONATE.cpart
[2010/03/28 12:45:46 | 000,000,516 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/03/03 09:19:55 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2010/03/03 09:19:45 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2009/11/25 16:18:02 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssolefw.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibtth.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibram.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibmmn.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\solekuy.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\solegeh.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibeh.dll
[2009/06/12 21:28:30 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/06/12 21:28:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/05/03 17:04:50 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2009/04/25 14:51:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/05 15:45:06 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009/03/05 15:45:06 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/05 15:45:06 | 000,520,192 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/03/05 15:45:06 | 000,404,992 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/05 15:45:06 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/03/05 15:45:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/03/05 15:45:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009/03/05 15:45:06 | 000,167,936 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/03/05 15:45:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/03/05 15:45:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/03/05 15:45:06 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009/03/05 15:45:06 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/03/05 15:45:06 | 000,054,784 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/03/05 15:45:06 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/03/05 15:45:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/03/05 15:45:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/05 15:45:06 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/06/18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/04/03 19:01:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/03 22:57:55 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E2246F4A91.sys
[2007/11/03 22:57:54 | 000,004,182 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/08/24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/01 16:12:05 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007/07/19 14:57:11 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/07/19 14:57:11 | 000,225,280 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2007/07/19 14:57:11 | 000,077,824 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2007/04/06 00:37:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/04/05 23:54:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/05 23:54:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/05 23:54:05 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/05 23:46:17 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/05 23:46:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/14 09:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 16:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 16:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/31 07:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/02/24 07:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/23 05:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2010/02/13 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Ableton
[2008/04/02 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\acccore
[2009/09/01 08:21:41 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Acoustica
[2008/09/12 15:27:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Antares
[2009/01/11 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Ashampoo
[2009/02/16 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Auslogics
[2009/06/08 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\BitTorrent
[2009/06/20 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ChessBase
[2009/05/10 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools
[2009/05/10 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools Lite
[2009/05/10 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools Pro
[2009/09/12 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GrabPro
[2008/07/30 12:24:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ImgBurn
[2007/06/15 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ISTool
[2009/02/17 19:01:49 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\iZotope
[2008/04/20 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\LimeWire
[2007/06/12 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\LimeWireTurbo
[2010/06/07 13:19:32 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Line 6
[2009/10/10 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Locktime
[2009/04/06 23:10:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Opera
[2010/08/08 14:13:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Orbit
[2008/09/12 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PACE Anti-Piracy
[2009/04/09 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PacificPoker
[2009/04/07 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Paltalk
[2010/08/07 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\QuickScan
[2009/04/23 11:47:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Red Chair Software
[2008/09/14 22:34:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SIR
[2007/09/30 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Slide
[2009/04/18 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SlimBrowser
[2009/02/17 14:40:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Steinberg
[2007/08/30 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\STOIK
[2007/06/11 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Template
[2010/08/07 09:31:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\uTorrent
[2010/07/19 23:24:17 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Vso
[2009/12/05 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Waves
[2009/12/05 15:08:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Waves Preferences
[2007/06/09 00:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinBatch
[2009/03/18 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Xilisoft Corporation
[2010/08/08 20:38:07 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/09 18:23:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


<
>

< %SYSTEMDRIVE%\*.exe >
[2010/07/21 14:24:40 | 002,396,859 | ---- | M] () -- C:\MGtools.exe


< MD5 for: AGP440.SYS >
[2008/01/19 17:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 19:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 19:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 17:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 19:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 07:19:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/14 07:19:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 07:19:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 07:19:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 19:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 19:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 17:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 19:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 19:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 17:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 17:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 17:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 19:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 19:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 19:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/07/12 09:04:34 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\System32\config\*.sav >
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< CREATERESTOREPO >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1304 bytes -> C:\ProgramData\Microsoft:VqmCDdPndtnqNWERYNkf6sv
@Alternate Data Stream - 1250 bytes -> C:\ProgramData\Microsoft:9qLlRs5fR8aj6IdfmHfAs
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1169 bytes -> C:\Users\Dale\AppData\Local\nKxmHARVYLAOZK:YzD1uTPShC1MJZl0VoA80YcN
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:44DAF2F1
< End of report >

Extras

OTL Extras logfile created on: 9/08/2010 6:42:48 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dale\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.10 Gb Total Space | 9.50 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive D: | 5.94 Gb Total Space | 0.87 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 484.73 Mb Total Space | 332.75 Mb Free Space | 68.65% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC NEW\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC NEW\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{172061C7-BCBE-478A-9242-D3573C0B4367}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17C8E3A4-267A-4FAA-AB0B-72B0B2BB93BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{237FDA0D-C320-49FF-93A5-4F17B51ED4CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3396A314-6971-45BD-A031-832BB9FE5996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3401B0F5-56BA-4458-B448-C7E3BB1FA05F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35BF7757-CB2F-40DC-A276-1127FB0ABE01}" = lport=139 | protocol=6 | dir=in | app=system |
"{36897E51-7C04-49AB-BBF3-437C647772F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{41C859BD-612F-47BC-ADFF-E45990B57B61}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45D00F59-2A25-4477-A514-93E81E413302}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48017904-D8AE-4AE2-A791-B59425A3A9FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4EDA50F1-5E0D-4231-AB18-8525702523CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{543A3E90-E884-40B8-B79B-9073FD0D19E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F5896F0-4DA0-42AF-BFC7-D57347840500}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B957DA2-DF44-4558-ADB7-D1EDB4EEB5B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72EE078E-7EFF-4313-98E6-AFCB6041433C}" = rport=138 | protocol=17 | dir=out | app=system |
"{84345493-D110-4B5C-AA0B-79EAFEC95ABE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{844B4EB6-C13C-4B18-A0F7-CCE8A7AB5095}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5BD522E-B71A-4CA1-B36E-40D4BE3E3460}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE5C6680-7B12-47DC-B860-1AB134361E86}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE2AB1BF-9182-4106-9319-BBFA6A463BE4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE49E8F2-D690-48CD-B023-C994734A4158}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0383317-5746-4563-B7C2-68E9F0294BBD}" = rport=137 | protocol=17 | dir=out | app=system |
"{E3D87077-7EA7-49F5-B7AB-161401F9EFD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E70557C6-AAC0-41F7-BD32-FBD7192CCC3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE1BA702-3A8B-4729-8D48-BC2638379E3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F48AADDC-CA1C-4C4C-80F5-3034DCEA7B00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F80E7F72-9B7F-4CBF-A136-2B69F254542F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000E90C7-0CA3-4F1D-941E-15D99616A086}" = protocol=6 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"{0298E2B3-7A07-41B4-AAEE-E96089B4E3A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{03C017B9-D5EB-4F7A-B2DB-3BDE1BA87978}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{03D6B7D2-6AFA-4B3A-B328-1B6E632C6464}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{066D0493-9A84-428C-A67D-581CF9B9924E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A90E3AB-3BEC-4C0C-81E8-6602ED8F293D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DC2886D-0470-4755-9D5D-2D4685925DF4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{10AC4164-44C6-4F76-9647-885B8A7E9579}" = protocol=17 | dir=in | app=c:\program files\peerguardian2\pg2.exe |
"{18F9F5CD-B7EC-44FE-9858-4D6341C3E39C}" = protocol=6 | dir=in | app=l:\matts\vmware\vmware-authd.exe |
"{1AA4AFBF-5ECB-4DF7-BF88-38EBAFEAADEC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FDF0329-8C07-4BDE-8CEF-18446C7C9B3C}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{2089B674-09F6-438C-B6FF-EF32A895D9D6}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{2779ECC6-E3A7-43D4-8125-C8C9A7E30E19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2934CA57-2328-4B86-80BA-9C52A8D86E0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29A06A99-D70B-49DD-B545-85C635EC0B79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2F9FC440-4538-4E06-8BDD-95AFF599D751}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{31E54E8C-5F02-4E7E-96ED-F6FDE99B70BF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3380CE97-5F16-4813-A0A3-74603DE9094A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{34F5D73E-704C-47CD-BCB5-92E82F3AB25B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3B0328A0-1635-4DEB-BAE7-7979ADA5FBBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4750C9B3-6620-495C-A98B-EC648651F27C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{480AC1F3-3013-407D-A26F-C212E3D54066}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{48F27055-5585-4CF9-9E45-1A1F313733C0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{4954570A-49F8-47EB-87EE-44985157347A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{506E0AC7-1D93-4602-A79B-A125941861CD}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{543DDA15-44C5-4947-BE91-913C32E4EDEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5920035E-156A-4A45-98AE-99306FA2CC4B}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{5A6BAFF3-BC10-41E4-9D92-9EC64CEE4CC2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{5AA3F17B-2424-4D7B-86DA-092DCE9BA3EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AC14D89-C992-482A-83FC-59C88BEF6A8C}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{5AFFC5F0-510B-41B6-A2DF-6D50DD62100E}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{5EC7C443-375B-4013-B37E-E6A6E7F1B764}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{679F5DCB-7D8F-44AD-A2DD-3BA2A11111C8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6E4F400D-7516-4859-AF96-20524CBE67E3}" = protocol=6 | dir=in | app=c:\program files\peerguardian2\pg2.exe |
"{6FD92A3A-274A-4B20-AFFE-54D736F0B003}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{71260ED0-EBE1-4303-B563-C021B93CD635}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{7BBF4F05-1804-43A6-A00E-B0F438E2AD4A}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{7CF10DAD-F306-4FEE-831F-02596439FAAA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{7FC79148-B8D8-4441-A13F-AAEDDEFAF2F7}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{849C4647-E2CF-416B-B23B-2C963D890BAC}" = protocol=6 | dir=out | app=system |
"{8AFD5C60-656E-4215-935C-393503332510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D044527-1F37-4D8C-8F0A-7C6BBEDC6A99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DEAC883-1796-4CD2-80DF-D8582DD567F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E1DDB80-3D03-4838-BC9A-C5E7C7F48AA6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{903C3650-B3F0-4542-9686-EE7C3BF432CF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{95CB7030-EC3B-468B-A00E-B5A693BB7FA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9762EF39-CA28-4947-9D5C-7A092E7B9618}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9771E8DE-62C2-4422-A06C-7B340FF96EE0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{97D50C12-EE2B-43FE-9450-11B43F69D2D3}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{9A74C852-37E2-45E2-95DA-EB28555A18BF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AB20CFF-1CA5-4465-AD51-41B05EC96BA0}" = protocol=6 | dir=in | app=c:\users\dale\appdata\local\temp\7zsd142.tmp\symnrt.exe |
"{9B6C4072-A08D-428A-8739-09EC095784C0}" = protocol=17 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"{AA7EEE7D-2B81-4643-B5F9-A015194AD5EC}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{AFA7801B-5355-40C4-A66F-F08279231863}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AFADFD39-985D-4679-85EA-784FF2C249C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B396C45C-A9AD-4C82-A368-737F53461142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5F38AF3-6C18-448B-85E5-6A2DEAB01C82}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B662351A-753E-4C50-AE43-456E5D71953C}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{BA11778E-3024-4918-955C-3B7C7379EA91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD8783AD-D297-4808-9EA8-DAB2FDA93B6A}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BFD45F93-2015-4A7F-B4F6-E68327C30347}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C061A81E-CA2C-40C7-BA5B-8F9EE72FA4E3}" = protocol=17 | dir=in | app=l:\matts\vmware\vmware-authd.exe |
"{C23B90E0-6320-4EE8-9F20-BD43B615F73C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C40FC6FC-AD96-4B98-864C-C9F5445DFEF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7821ABC-0378-4250-AE3D-6416CE31FD0D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DA7D791D-0EAF-4E20-8201-D28B3B2821A2}" = protocol=17 | dir=in | app=c:\users\dale\appdata\local\temp\7zsd142.tmp\symnrt.exe |
"{DBAB5BCF-2EF9-4A65-8BDB-4B3B9B4B4362}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{E309EF60-24B2-427F-8A7F-7233898147D5}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{E3427255-74CF-4275-A966-BF07441AA891}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{E72E319E-4077-437A-ADDA-0BDBE652AE3B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E76D0907-2903-4078-9E37-7D79925FFA91}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E7CF3888-47D6-4D5A-998F-FF16763DC625}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{EF2F7124-957E-4E86-906F-B56A5A50B778}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{F0754686-37B5-4E0C-B031-5C658083885B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F81F2459-050E-4345-A4EB-10993F3E03CE}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{FDACD31B-5665-4923-99F1-943B8E1905D0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{FE3C1AF0-C103-44AD-8488-EDF84D96924F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0C256333-940E-4F6E-BFE3-8923914C3871}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{145EF2E0-3CE0-48B3-915A-D7313A5B8DBB}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{2A094A02-220D-40A5-B614-35F41911273B}C:\matts\mgc\u-torrent\utorrent.exe" = protocol=6 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"TCP Query User{308F664A-D738-4106-AC5D-683858900CB4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{43C62C42-5E54-4D24-A440-F3FDDB27DD17}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5FECB2CC-7D9C-4B8E-9A5D-4C2DEF971016}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{B2167612-3007-4428-960F-87AF9B9C869F}C:\matts\mgc\u-torrent\utorrent.exe" = protocol=6 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"TCP Query User{E06452B2-6C7A-4296-8BB6-624D598374C4}C:\users\dale\downloads\1st ones to get with new connection\keygen.convertxtodvd.3.0.0.7.exe" = protocol=6 | dir=in | app=c:\users\dale\downloads\1st ones to get with new connection\keygen.convertxtodvd.3.0.0.7.exe |
"TCP Query User{E8A7B471-DD1F-46F9-A5E4-B57E7CB08359}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{FC749675-17AD-4534-A2C5-851C14C8CAE3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{15CC7073-F872-4860-8DAC-59B699C2F07E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{33865FDD-B50E-4D73-8D7D-BB4BAC2F5519}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{6D766B80-2DD9-48D0-BED0-E78AA41E3FC3}C:\matts\mgc\u-torrent\utorrent.exe" = protocol=17 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"UDP Query User{870C9869-9389-4B4A-BC60-E7A034A43C7A}C:\matts\mgc\u-torrent\utorrent.exe" = protocol=17 | dir=in | app=c:\matts\mgc\u-torrent\utorrent.exe |
"UDP Query User{87CE4630-AF83-4CB6-8830-5E01CB02B202}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9501C54D-4A58-497E-B7CD-E80FA7AF917E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BEFFFBBD-D4CA-41CD-A9C0-DA457132E0F2}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{CB0E0714-CCA5-4A18-B6D1-5F0A95F385AA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EBA725C6-768A-4E95-90ED-916DFDDE5013}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{FA73F03D-8A10-4913-91BA-4805DC423C72}C:\users\dale\downloads\1st ones to get with new connection\keygen.convertxtodvd.3.0.0.7.exe" = protocol=17 | dir=in | app=c:\users\dale\downloads\1st ones to get with new connection\keygen.convertxtodvd.3.0.0.7.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0322F845-FC35-4735-98FC-A89A39A9A2CD}" = Deep Fritz 11
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0812B697-3B0A-4392-B975-E415FC16C71E}" = HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{1090D33C-8885-4E7D-893C-5A83092F6E8A}" = Microsoft Software Inventory Analyzer
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{28D634BC-0320-40BD-B0E0-C7E3DD9392CA}" = Melodyne plugin
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AA1CB3C-F146-4340-AF8C-E97845A22629}" = C5300
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C4CC25-EEFA-4E9F-A428-E1764266442E}" = PS_AIO_04_C5300_Software_Min
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C49987B-689E-469D-86AE-8E325A038701}" = Melodyne plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEB8F226-C238-4636-A289-E540B725B5BB}_is1" = AnyReader
"{AF5A39FE-51FB-4BA3-B399-2D1F0C65D617}_is1" = AusLogics System Information
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9F63821-64B4-4BA9-A811-970C8F6DF016}" = Deep Fritz 11
"7-Zip" = 7-Zip 4.44 beta
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AnalogX DXMan" = AnalogX DXMan
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01
"Any Video Converter_is1" = Any Video Converter 2.0.8
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.02
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Pro Antivirus
"AVG9Uninstall" = AVG Free 9.0
"BitTorrent" = BitTorrent 5.0.9
"Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EphPod" = EphPod
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"GSpot" = GSpot Codec Information Appliance
"Guitar Chord Buster Pro 4.4.2" = Guitar Chord Buster Pro 4.4.2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"Hyperprism 2.5.0" = Hyperprism 2.5.0
"IK Multimedia Amplitube DX/VST/RTAS v2.0" = IK Multimedia Amplitube DX/VST/RTAS v2.0
"ImgBurn" = ImgBurn
"iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
"iZotope iDrum_is1" = iZotope iDrum
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope RX_is1" = iZotope RX
"iZotope Spectron_is1" = iZotope Spectron
"iZotope Trash_is1" = iZotope Trash
"legacyqcam_10.50" = Logitech Legacy USB Camera Driver Package
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Line 6 Uninstaller" = Line 6 Uninstaller
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Pacific Poker" = Pacific Poker
"PalTalk8.2" = PaltalkScene
"PartyPoker" = PartyPoker
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PeerGuardian_is1" = PeerGuardian 2.0
"PFConfig" = PFConfig 1.0.232
"PKR" = PKR
"PokerStars" = PokerStars
"RealPlayer 6.0" = RealPlayer
"Replay Video Capture3.0" = Replay Video Capture
"Shop for HP Supplies" = Shop for HP Supplies
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.00
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"Steinberg Cubase SX v1.0.6.78" = Steinberg Cubase SX v1.0.6.78
"Steinberg Voice Designer v1.03" = Steinberg Voice Designer v1.03
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"TC Native Bundle v3.1" = TC Native Bundle v3.1
"Titan Poker" = Titan Poker
"Ultra Video Splitter_is1" = Ultra Video Splitter 5.2.1126
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0
"Waves GTR 3" = Waves GTR 3
"Waves Masters" = Waves Masters
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Xilisoft Video Editor" = Xilisoft Video Editor
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I can almost guarantee that you got something through your use of P2P programs. Just an FYI :).

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

==

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document called checkup.txt should open automatically.
Please post the contents of that document in your next reply.

==

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [WebCamRT.exe] File not found
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

============

Please go to Jotti's or to VirusTotal and have this file scanned. Post the results back here.

C:\Users\Dale\Desktop\llwwnitu.exe

JavaRa
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Aug 09 20:16:58 2010

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Users\Dale\AppData\LocalLow\Sun\Java\jre1.6.0_12

Found and removed: C:\Users\Dale\AppData\LocalLow\Sun\Java\jre1.6.0_13

Found and removed: C:\Users\Dale\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: C:\Users\Dale\AppData\LocalLow\Sun\Java\jre1.6.0_17


Security Check- Checkup

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Pro Antivirus
AVG Free 9.0
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.0.32.18
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

I tried to run the OTL fix. As soon as I clicked fix I got BSODeath, saying that Windows is being shut down to prevent damage.

Here is the Windows message I received on reboot.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.2
Locale ID: 3081

Additional information about the problem:
BCCode: f4
BCP1: 00000006
BCP2: 8665E4A8
BCP3: 8665E89C
BCP4: 826AA700
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini080910-02.dmp
C:\Users\Dale\AppData\Local\temp\WER-88733-0.sysdata.xml
C:\Users\Dale\AppData\Local\temp\WER7A9B.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


In your fix text I just noticed that there are dots e.g. age_URL = hp.com/svs/rdr?TY...ion&pf=desktop

Are they meant to be there?

Those dots were exactly as copied from your log. The line has been truncated by the forum software. It should still have worked though.
Can you try to run the fix in safe mode?

Also, you are running two anti-virus programs. Bad idea. Uninstall the one you don't want and update the one you keep.

Update to the latest Adobe also.

Windows security updates need to be installed, including the service pack.

I forgot to add in my last reply that after the reboot my desktop is full with Album Art images. There is a file on the desktop named desktop.ini.

I'm uninstalling avast now. Then I'll try the fix. I'll post the virus check of that file as well.

Ok. The Fix successfully ran in safe mode. I have rebooted back to normal mode. The Album art problem is gone. That is no problem now.

Here is the OTL Fix log

All processes killed
========== FILES ==========
File\Folder :OTL not found.
Invalid Switch: rdr?TY...ion&pf=desktop
File\Folder IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found not found.
File\Folder IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found not found.
File\Folder O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. not found.
File\Folder O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found. not found.
File\Folder O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. not found.
File\Folder O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found. not found.
File\Folder O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found. not found.
File\Folder O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. not found.
File\Folder O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. not found.
File\Folder O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. not found.
File\Folder O4 - HKLM..\Run: [] File not found not found.
File\Folder O4 - HKCU..\Run: [Aim6] File not found not found.
File\Folder O4 - HKCU..\Run: [WebCamRT.exe] File not found not found.
File\Folder :Commands not found.
File\Folder [emptyflash] not found.
File\Folder [emptytemp] not found.
File\Folder [resethosts] not found.
File\Folder [Reboot] not found.
Invalid Switch: rdr?TY...ion&pf=desktop IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKCU\..\To
File\Folder olbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [WebCamRT.exe] File not found :Commands [emptyflash] [emptytemp] [resethosts] [Reboot] not found.

OTL by OldTimer - Version 3.2.9.1 log created on 08092010_211611

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

NEW OTL
OTL logfile created on: 9/08/2010 9:26:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dale\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.10 Gb Total Space | 9.00 Gb Free Space | 6.29% Space Free | Partition Type: NTFS
Drive D: | 5.94 Gb Total Space | 0.87 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 484.73 Mb Total Space | 332.75 Mb Free Space | 68.65% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
PRC - [2010/07/17 09:52:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 09:52:55 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 09:52:55 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 09:52:03 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 09:52:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 15:30:14 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/26 22:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/25 15:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 15:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 15:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/17 13:05:16 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/04/06 00:14:59 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/15 20:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/19 00:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/11/29 07:09:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/09/28 23:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/08/04 10:00:00 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
MOD - [2006/11/02 19:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/22 17:16:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/16 19:29:40 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/09 09:03:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dale\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswSP)
DRV - File not found [File_System | Unknown | Running] -- -- (aswMonFlt)
DRV - File not found [File_System | Unknown | Running] -- -- (aswFsBlk)
DRV - [2010/07/17 09:52:56 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:52:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/29 06:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/03 09:13:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/24 07:19:04 | 000,571,008 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6UX2.sys -- (L6UX2)
DRV - [2009/03/26 22:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/03/26 22:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/03/26 22:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/03/26 22:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/03/26 22:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/03/26 16:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/03/26 16:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/12/01 10:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/11/13 05:57:24 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/07/21 22:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/10 10:08:46 | 000,596,480 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2007/01/19 04:56:00 | 001,729,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/15 14:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/29 07:39:52 | 001,476,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/12/13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/31 09:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:48:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/07 14:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 10:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 20:28:17 | 000,000,000 | ---D | M]

[2009/02/13 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Extensions
[2010/08/09 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions
[2010/06/27 13:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 21:19:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/28 11:33:29 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/27 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\firefox@red-cog.com
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\SkipScreen@SkipScreen
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\FireFox\Profiles\epssrz6y.default\searchplugins\BearShareWebSearch.xml
[2010/08/09 20:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 20:28:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/08/16 10:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/08/09 20:27:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/08/07 16:00:19 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [WebCamRT.exe] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 00:16:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 21:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/09 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Adobe
[2010/08/09 20:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/09 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\Javara log
[2010/08/09 20:15:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\JavaRa
[2010/08/09 17:35:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2010/08/09 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\DaniWeb
[2010/08/09 12:01:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077
[2010/08/09 11:44:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/09 11:44:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/09 11:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 11:43:43 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dale\Desktop\mbam-setup-1.46.exe
[2010/08/09 11:28:37 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Dale\Desktop\spybotsd162.exe
[2010/08/09 01:13:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/08/09 00:26:25 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\temp
[2010/08/09 00:06:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:06:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:06:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:06:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:06:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:06:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/09 00:03:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/08 11:46:00 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/08 11:43:27 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Dale\jxpiinstall-rv.exe
[2010/08/08 11:31:57 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/08/08 11:31:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/08 11:31:57 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/08 11:31:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/08 11:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/07 20:57:47 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dale\Desktop\TDSSKiller.exe
[2010/08/07 20:57:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\tdsskiller
[2010/08/07 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\QuickScan
[2010/08/07 12:59:28 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\TFC.exe
[2010/08/07 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/07 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/07 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/07 11:40:30 | 006,289,216 | ---- | C] (SurfRight B.V.) -- C:\Users\Dale\Desktop\HitmanPro35.exe
[2010/08/06 13:13:09 | 073,473,320 | ---- | C] ( ) -- C:\Users\Dale\Desktop\setup_9.0.0.722_05.08.2010_15-32.exe
[2010/08/03 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\federer
[2010/07/27 23:20:56 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\GRAND FINAL
[2010/07/19 12:53:44 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Threed32.ocx
[2010/07/19 12:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Chord Buster
[2010/07/17 09:52:55 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/01 18:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\38E4
[2010/07/01 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\BearShare
[2010/07/01 18:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/07/01 18:19:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\PackageAware
[2010/06/28 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fedichini
[2010/06/28 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fed
[2010/06/27 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/27 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/06/26 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Malwarebytes
[2010/06/26 08:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 14:22:22 | 000,000,000 | ---D | C] -- C:\Users\Dale\cadogan
[2010/06/01 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Dale\GTR presets
[2010/05/26 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\2010-05 (May)
[2010/05/20 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\KC
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Dale\Desktop\*.tmp files -> C:\Users\Dale\Desktop\*.tmp -> ]

NEW OTL
OTL logfile created on: 9/08/2010 9:26:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dale\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.10 Gb Total Space | 9.00 Gb Free Space | 6.29% Space Free | Partition Type: NTFS
Drive D: | 5.94 Gb Total Space | 0.87 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 484.73 Mb Total Space | 332.75 Mb Free Space | 68.65% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
PRC - [2010/07/17 09:52:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 09:52:55 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 09:52:55 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 09:52:03 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 09:52:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 15:30:14 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/26 22:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/25 15:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 15:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 15:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/17 13:05:16 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/04/06 00:14:59 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/15 20:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/19 00:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/11/29 07:09:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/09/28 23:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/08/04 10:00:00 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
MOD - [2006/11/02 19:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/17 09:52:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/22 17:16:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/26 22:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 22:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 22:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/16 19:29:40 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/09 09:03:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/29 07:09:40 | 000,118,880 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/29 07:09:38 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/11/29 07:08:52 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dale\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswSP)
DRV - File not found [File_System | Unknown | Running] -- -- (aswMonFlt)
DRV - File not found [File_System | Unknown | Running] -- -- (aswFsBlk)
DRV - [2010/07/17 09:52:56 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:52:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/29 06:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/03 09:13:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/24 07:19:04 | 000,571,008 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6UX2.sys -- (L6UX2)
DRV - [2009/03/26 22:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/03/26 22:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/03/26 22:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/03/26 22:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/03/26 22:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/03/26 16:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/03/26 16:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/12/01 10:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/11/13 05:57:24 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/07/21 22:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/10 10:08:46 | 000,596,480 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2007/01/19 04:56:00 | 001,729,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/15 14:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/29 07:39:52 | 001,476,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/12/13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/31 09:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/07/13 12:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:48:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/07 14:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 10:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 20:28:17 | 000,000,000 | ---D | M]

[2009/02/13 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Extensions
[2010/08/09 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions
[2010/06/27 13:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 21:19:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/28 11:33:29 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/27 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\firefox@red-cog.com
[2009/12/31 12:02:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\mozilla\Firefox\Profiles\epssrz6y.default\extensions\SkipScreen@SkipScreen
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Mozilla\FireFox\Profiles\epssrz6y.default\searchplugins\BearShareWebSearch.xml
[2010/08/09 20:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 20:28:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/08/16 10:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/08/09 20:27:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/08/07 16:00:19 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - -{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [WebCamRT.exe] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 00:16:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 21:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/09 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Adobe
[2010/08/09 20:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/09 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\Javara log
[2010/08/09 20:15:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\JavaRa
[2010/08/09 17:35:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2010/08/09 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\DaniWeb
[2010/08/09 12:01:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077
[2010/08/09 11:44:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/09 11:44:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/09 11:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 11:43:43 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dale\Desktop\mbam-setup-1.46.exe
[2010/08/09 11:28:37 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Dale\Desktop\spybotsd162.exe
[2010/08/09 01:13:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/08/09 00:26:25 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\temp
[2010/08/09 00:06:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:06:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:06:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:06:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:06:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:06:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/09 00:03:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/08 11:46:00 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/08 11:43:27 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Dale\jxpiinstall-rv.exe
[2010/08/08 11:31:57 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/08/08 11:31:57 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/08 11:31:57 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/08 11:31:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/08 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/08 11:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/07 20:57:47 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dale\Desktop\TDSSKiller.exe
[2010/08/07 20:57:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\tdsskiller
[2010/08/07 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\QuickScan
[2010/08/07 12:59:28 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\TFC.exe
[2010/08/07 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/07 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/07 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/07 11:40:30 | 006,289,216 | ---- | C] (SurfRight B.V.) -- C:\Users\Dale\Desktop\HitmanPro35.exe
[2010/08/06 13:13:09 | 073,473,320 | ---- | C] ( ) -- C:\Users\Dale\Desktop\setup_9.0.0.722_05.08.2010_15-32.exe
[2010/08/03 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\federer
[2010/07/27 23:20:56 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\GRAND FINAL
[2010/07/19 12:53:44 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Threed32.ocx
[2010/07/19 12:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Chord Buster
[2010/07/17 09:52:55 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/01 18:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\38E4
[2010/07/01 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\BearShare
[2010/07/01 18:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/07/01 18:19:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\PackageAware
[2010/06/28 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fedichini
[2010/06/28 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\fed
[2010/06/27 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/27 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/06/26 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Malwarebytes
[2010/06/26 08:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 14:22:22 | 000,000,000 | ---D | C] -- C:\Users\Dale\cadogan
[2010/06/01 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Dale\GTR presets
[2010/05/26 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\2010-05 (May)
[2010/05/20 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\KC
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Dale\Desktop\*.tmp files -> C:\Users\Dale\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/09 21:26:09 | 009,175,040 | -HS- | M] () -- C:\Users\Dale\ntuser.dat
[2010/08/09 21:23:49 | 000,721,096 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/09 21:23:49 | 000,625,590 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/09 21:23:49 | 000,109,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/09 21:17:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/09 21:17:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 21:17:15 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 21:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/09 21:17:05 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 21:03:12 | 002,948,261 | -H-- | M] () -- C:\Users\Dale\AppData\Local\IconCache.db
[2010/08/09 21:00:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/09 20:34:53 | 250,736,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/09 20:26:53 | 000,869,051 | ---- | M] () -- C:\Users\Dale\Desktop\SecurityCheck.exe
[2010/08/09 20:14:43 | 000,156,129 | ---- | M] () -- C:\Users\Dale\Desktop\JavaRa.zip
[2010/08/09 19:47:58 | 000,000,000 | ---- | M] () -- C:\Users\Dale\AppData\Local\prvlcl.dat
[2010/08/09 17:35:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2010/08/09 15:11:13 | 000,001,006 | ---- | M] () -- C:\Users\Dale\Desktop\mbam-log-2010-08-09 (15-11-02)NEWEST
[2010/08/09 14:55:31 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 13:34:48 | 000,293,376 | ---- | M] () -- C:\Users\Dale\Desktop\llwwnitu.exe
[2010/08/09 12:00:52 | 001,074,232 | ---- | M] () -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/09 11:17:23 | 063,098,205 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/09 01:14:32 | 000,005,892 | ---- | M] () -- C:\Users\Dale\AppData\Local\d3d9caps.dat
[2010/08/08 21:05:08 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2010/08/08 20:38:07 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/08 13:00:59 | 003,816,812 | R--- | M] () -- C:\Users\Dale\Desktop\ComboFix.exe
[2010/08/08 12:55:15 | 000,199,168 | ---- | M] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 12:48:59 | 000,000,945 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/08 12:27:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/08 11:46:25 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/08 11:46:00 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\LnkProtect.dll
[2010/08/08 09:13:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Dale\Desktop\spybotsd162.exe
[2010/08/08 09:05:12 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dale\Desktop\mbam-setup-1.46.exe
[2010/08/07 20:52:34 | 001,130,629 | ---- | M] () -- C:\Users\Dale\Desktop\tdsskiller.zip
[2010/08/07 20:38:08 | 000,511,268 | ---- | M] () -- C:\Users\Dale\Documents\cc_20100807_2037.reg
[2010/08/07 18:44:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/07 16:00:19 | 000,000,021 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/07 13:34:03 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/07 12:59:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\TFC.exe
[2010/08/07 12:34:24 | 000,000,496 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/08/07 12:31:25 | 000,000,064 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/07 11:44:43 | 006,289,216 | ---- | M] (SurfRight B.V.) -- C:\Users\Dale\Desktop\HitmanPro35.exe
[2010/08/06 13:38:36 | 073,473,320 | ---- | M] ( ) -- C:\Users\Dale\Desktop\setup_9.0.0.722_05.08.2010_15-32.exe
[2010/08/04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dale\Desktop\TDSSKiller.exe
[2010/08/03 14:59:30 | 000,004,182 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/08/01 21:35:18 | 000,379,927 | ---- | M] () -- C:\Users\Dale\pedobear_stephanie_sex.gif
[2010/07/30 10:08:10 | 003,408,874 | ---- | M] () -- C:\Users\Dale\Desktop\bobby flynn- animal.mp3
[2010/07/28 14:45:29 | 000,031,662 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\wklnhst.dat
[2010/07/28 14:43:10 | 000,026,234 | ---- | M] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.rtf
[2010/07/28 14:42:51 | 000,034,304 | ---- | M] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.doc
[2010/07/28 14:35:03 | 000,020,992 | ---- | M] () -- C:\Users\Dale\Documents\Matthew Cheetham Resume 2010-1.wps
[2010/07/26 19:39:43 | 004,213,005 | ---- | M] () -- C:\Users\Dale\Desktop\Ryan Adams - Cry On Demand.mp3
[2010/07/24 23:18:25 | 000,144,777 | ---- | M] () -- C:\Users\Dale\render.nike.com.jpg
[2010/07/24 00:14:52 | 000,035,328 | ---- | M] () -- C:\Users\Dale\Info From AmazonXD on LUCID DREAMING.doc
[2010/07/21 14:24:40 | 002,396,859 | ---- | M] () -- C:\MGtools.exe
[2010/07/20 23:51:57 | 002,016,320 | ---- | M] () -- C:\Users\Dale\take tehe stairs.gif
[2010/07/20 23:50:24 | 001,946,591 | ---- | M] () -- C:\Users\Dale\pie time.gif
[2010/07/20 23:50:09 | 001,530,421 | ---- | M] () -- C:\Users\Dale\secretary owned.gif
[2010/07/20 23:49:45 | 001,487,163 | ---- | M] () -- C:\Users\Dale\hot dancing.gif
[2010/07/20 23:48:45 | 000,861,242 | ---- | M] () -- C:\Users\Dale\wow they are junping.gif
[2010/07/20 23:46:34 | 001,904,992 | ---- | M] () -- C:\Users\Dale\stage fail gif.gif
[2010/07/20 23:46:05 | 001,060,328 | ---- | M] () -- C:\Users\Dale\sit ups have never looked so good.gif
[2010/07/19 23:24:16 | 000,000,671 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\vso_ts_preview.xml
[2010/07/19 12:53:41 | 000,000,060 | ---- | M] () -- C:\Users\Dale\CUSTDATA.INI
[2010/07/17 09:52:56 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/17 09:52:55 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/17 09:52:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/17 00:21:52 | 000,279,552 | ---- | M] () -- C:\Users\Dale\GOLDFISH BRAND Curry.doc
[2010/07/08 09:56:51 | 000,025,600 | ---- | M] () -- C:\Users\Dale\Matthew_Cheetham_cover_letterKGrange.doc
[2010/07/03 17:06:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/02 17:49:45 | 000,024,064 | ---- | M] () -- C:\Users\Dale\MW2 shotgun.doc
[2010/07/02 08:56:24 | 000,029,184 | ---- | M] () -- C:\Users\Dale\Mark Chapter 12 Verses 41 to 44.doc
[2010/06/29 06:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/29 06:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/27 14:58:06 | 000,131,248 | ---- | M] () -- C:\Users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/27 12:57:53 | 000,464,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/27 10:54:06 | 000,966,213 | ---- | M] () -- C:\Users\Dale\tdsskiller.zip
[2010/06/23 20:03:27 | 000,025,600 | ---- | M] () -- C:\Users\Dale\Desktop\Matthew_Cheetham_cover_letter.doc
[2010/06/16 22:56:23 | 000,024,576 | ---- | M] () -- C:\Users\Dale\Federer.doc
[2010/06/07 13:10:20 | 000,001,818 | ---- | M] () -- C:\Users\Dale\Desktop\POD Farm 2.lnk
[2010/06/03 09:13:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/27 14:07:54 | 000,019,968 | ---- | M] () -- C:\Users\Dale\This won me a TV.doc
[2010/05/25 00:07:16 | 007,230,274 | ---- | M] () -- C:\Users\Dale\Desktop\11 - félperc - L.I.F.E.mp3
[2010/05/19 22:47:33 | 000,029,696 | ---- | M] () -- C:\Users\Dale\Yellow curry.doc
[2010/05/19 21:40:34 | 000,009,287 | -HS- | M] () -- C:\Users\Dale\Desktop\Folder.jpg
[2010/05/19 21:40:34 | 000,002,449 | -HS- | M] () -- C:\Users\Dale\Desktop\AlbumArtSmall.jpg
[2010/05/18 13:38:11 | 000,000,162 | -H-- | M] () -- C:\Users\Dale\Desktop\~$CARD2.doc
[2010/05/13 13:43:25 | 000,000,520 | ---- | M] () -- C:\TPAIN IMPERSONATE.cpart
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Dale\Desktop\*.tmp files -> C:\Users\Dale\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 21:17:05 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/09 20:26:46 | 000,869,051 | ---- | C] () -- C:\Users\Dale\Desktop\SecurityCheck.exe
[2010/08/09 20:14:43 | 000,156,129 | ---- | C] () -- C:\Users\Dale\Desktop\JavaRa.zip
[2010/08/09 15:11:13 | 000,001,006 | ---- | C] () -- C:\Users\Dale\Desktop\mbam-log-2010-08-09 (15-11-02)NEWEST
[2010/08/09 13:34:44 | 000,293,376 | ---- | C] () -- C:\Users\Dale\Desktop\llwwnitu.exe
[2010/08/09 12:00:49 | 001,074,232 | ---- | C] () -- C:\Users\Dale\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/09 11:44:22 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 00:29:08 | 250,736,361 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/09 00:06:56 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:06:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 13:00:58 | 003,816,812 | R--- | C] () -- C:\Users\Dale\Desktop\ComboFix.exe
[2010/08/08 12:46:50 | 002,396,859 | ---- | C] () -- C:\MGtools.exe
[2010/08/08 11:45:25 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/07 20:57:39 | 001,130,629 | ---- | C] () -- C:\Users\Dale\Desktop\tdsskiller.zip
[2010/08/07 20:37:36 | 000,511,268 | ---- | C] () -- C:\Users\Dale\Documents\cc_20100807_2037.reg
[2010/08/07 18:44:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/07 12:31:25 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/07 12:03:16 | 000,000,496 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/08/07 11:45:31 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/01 21:35:17 | 000,379,927 | ---- | C] () -- C:\Users\Dale\pedobear_stephanie_sex.gif
[2010/07/30 10:08:09 | 003,408,874 | ---- | C] () -- C:\Users\Dale\Desktop\bobby flynn- animal.mp3
[2010/07/28 14:43:10 | 000,026,234 | ---- | C] () -- C:\Users\Dale\Desktop\CHEETHAM, Matthew.rtf
[2010/07/28 14:35:03 | 000,020,992 | ---- | C] () -- C:\Users\Dale\Documents\Matthew Cheetham Resume 2010-1.wps
[2010/07/26 19:31:47 | 004,213,005 | ---- | C] () -- C:\Users\Dale\Desktop\Ryan Adams - Cry On Demand.mp3
[2010/07/26 00:53:22 | 000,001,308 | ---- | C] () -- C:\Users\Dale\shoe size- my name is earl.txt
[2010/07/24 23:18:24 | 000,144,777 | ---- | C] () -- C:\Users\Dale\render.nike.com.jpg
[2010/07/24 16:04:19 | 000,000,423 | ---- | C] () -- C:\Users\Dale\UTUBE.txt
[2010/07/24 00:14:51 | 000,035,328 | ---- | C] () -- C:\Users\Dale\Info From AmazonXD on LUCID DREAMING.doc
[2010/07/22 23:37:12 | 000,000,097 | ---- | C] () -- C:\Users\Dale\IMDB.txt
[2010/07/20 23:48:12 | 001,530,421 | ---- | C] () -- C:\Users\Dale\secretary owned.gif
[2010/07/20 23:48:04 | 001,946,591 | ---- | C] () -- C:\Users\Dale\pie time.gif
[2010/07/20 23:47:57 | 002,016,320 | ---- | C] () -- C:\Users\Dale\take tehe stairs.gif
[2010/07/20 23:47:48 | 001,487,163 | ---- | C] () -- C:\Users\Dale\hot dancing.gif
[2010/07/20 23:47:40 | 000,861,242 | ---- | C] () -- C:\Users\Dale\wow they are junping.gif
[2010/07/20 23:45:52 | 001,060,328 | ---- | C] () -- C:\Users\Dale\sit ups have never looked so good.gif
[2010/07/20 23:45:25 | 001,904,992 | ---- | C] () -- C:\Users\Dale\stage fail gif.gif
[2010/07/19 12:53:44 | 000,061,872 | ---- | C] () -- C:\Windows\System32\HSlide32.OCX
[2010/07/19 12:53:44 | 000,061,360 | ---- | C] () -- C:\Windows\System32\VSLIDE32.OCX
[2010/07/19 12:53:43 | 000,068,520 | ---- | C] () -- C:\Windows\System32\MIDIIO32.OCX
[2010/07/19 12:53:43 | 000,059,304 | ---- | C] () -- C:\Windows\System32\MIDIFL32.OCX
[2010/07/19 12:53:41 | 000,000,060 | ---- | C] () -- C:\Users\Dale\CUSTDATA.INI
[2010/07/17 00:21:22 | 000,279,552 | ---- | C] () -- C:\Users\Dale\GOLDFISH BRAND Curry.doc
[2010/07/13 11:14:52 | 000,011,867 | ---- | C] () -- C:\Users\Dale\In the skin tab.txt
[2010/07/11 15:52:17 | 000,001,081 | ---- | C] () -- C:\Users\Dale\good p GET.txt
[2010/07/08 09:56:51 | 000,025,600 | ---- | C] () -- C:\Users\Dale\Matthew_Cheetham_cover_letterKGrange.doc
[2010/07/02 17:49:44 | 000,024,064 | ---- | C] () -- C:\Users\Dale\MW2 shotgun.doc
[2010/07/02 08:55:42 | 000,029,184 | ---- | C] () -- C:\Users\Dale\Mark Chapter 12 Verses 41 to 44.doc
[2010/06/27 11:31:08 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/06/27 10:53:49 | 000,966,213 | ---- | C] () -- C:\Users\Dale\tdsskiller.zip
[2010/06/16 22:56:23 | 000,024,576 | ---- | C] () -- C:\Users\Dale\Federer.doc
[2010/06/11 00:53:08 | 000,000,028 | ---- | C] () -- C:\Users\Dale\spanish.txt
[2010/06/10 13:13:52 | 000,000,386 | ---- | C] () -- C:\Users\Dale\Nadal federer wimbledon.txt
[2010/06/07 13:10:20 | 000,001,818 | ---- | C] () -- C:\Users\Dale\Desktop\POD Farm 2.lnk
[2010/05/31 13:59:16 | 000,000,419 | ---- | C] () -- C:\Users\Dale\fedbestclass.txt
[2010/05/28 11:50:16 | 000,000,363 | ---- | C] () -- C:\Users\Dale\gellar.txt
[2010/05/27 18:54:42 | 000,000,147 | ---- | C] () -- C:\Users\Dale\My entry for 3D tv.txt
[2010/05/27 14:07:54 | 000,019,968 | ---- | C] () -- C:\Users\Dale\This won me a TV.doc
[2010/05/25 00:05:26 | 007,230,274 | ---- | C] () -- C:\Users\Dale\Desktop\11 - félperc - L.I.F.E.mp3
[2010/05/19 22:47:33 | 000,029,696 | ---- | C] () -- C:\Users\Dale\Yellow curry.doc
[2010/05/18 13:38:11 | 000,000,162 | -H-- | C] () -- C:\Users\Dale\Desktop\~$CARD2.doc
[2010/05/13 13:43:25 | 000,000,520 | ---- | C] () -- C:\TPAIN IMPERSONATE.cpart
[2010/03/28 12:45:46 | 000,000,516 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/03/03 09:19:55 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2010/03/03 09:19:45 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2009/11/25 16:18:02 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssolefw.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibtth.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibram.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibmmn.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\solekuy.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\solegeh.dll
[2009/09/20 12:36:35 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibeh.dll
[2009/06/12 21:28:30 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/06/12 21:28:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/05/03 17:04:50 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2009/04/25 14:51:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/05 15:45:06 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009/03/05 15:45:06 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/05 15:45:06 | 000,520,192 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/03/05 15:45:06 | 000,404,992 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/03/05 15:45:06 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/03/05 15:45:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/03/05 15:45:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009/03/05 15:45:06 | 000,167,936 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/03/05 15:45:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/03/05 15:45:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/03/05 15:45:06 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009/03/05 15:45:06 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/03/05 15:45:06 | 000,054,784 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/03/05 15:45:06 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/03/05 15:45:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/03/05 15:45:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/05 15:45:06 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/06/18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/04/03 19:01:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/03 22:57:55 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E2246F4A91.sys
[2007/11/03 22:57:54 | 000,004,182 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/08/24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/01 16:12:05 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007/07/19 14:57:11 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/07/19 14:57:11 | 000,225,280 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2007/07/19 14:57:11 | 000,077,824 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2007/04/06 00:37:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/04/05 23:54:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/05 23:54:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/05 23:54:05 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/05 23:46:17 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/05 23:46:17 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/14 09:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 16:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 16:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/31 07:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/02/24 07:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/23 05:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2010/02/13 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Ableton
[2008/04/02 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\acccore
[2009/09/01 08:21:41 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Acoustica
[2008/09/12 15:27:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Antares
[2009/01/11 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Ashampoo
[2009/02/16 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Auslogics
[2009/06/08 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\BitTorrent
[2009/06/20 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ChessBase
[2009/05/10 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools
[2009/05/10 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools Lite
[2009/05/10 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools Pro
[2009/09/12 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\GrabPro
[2008/07/30 12:24:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ImgBurn
[2007/06/15 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ISTool
[2009/02/17 19:01:49 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\iZotope
[2008/04/20 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\LimeWire
[2007/06/12 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\LimeWireTurbo
[2010/06/07 13:19:32 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Line 6
[2009/10/10 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Locktime
[2009/04/06 23:10:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Opera
[2010/08/08 14:13:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Orbit
[2008/09/12 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PACE Anti-Piracy
[2009/04/09 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PacificPoker
[2009/04/07 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Paltalk
[2010/08/07 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\QuickScan
[2009/04/23 11:47:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Red Chair Software
[2008/09/14 22:34:34 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SIR
[2007/09/30 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Slide
[2009/04/18 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SlimBrowser
[2009/02/17 14:40:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Steinberg
[2007/08/30 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\STOIK
[2007/06/11 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Template
[2010/08/07 09:31:42 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\uTorrent
[2010/07/19 23:24:17 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Vso
[2009/12/05 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Waves
[2009/12/05 15:08:59 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Waves Preferences
[2007/06/09 00:28:06 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\WinBatch
[2009/03/18 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Xilisoft Corporation
[2010/08/08 20:38:07 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2010/08/09 21:09:01 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1304 bytes -> C:\ProgramData\Microsoft:VqmCDdPndtnqNWERYNkf6sv
@Alternate Data Stream - 1250 bytes -> C:\ProgramData\Microsoft:9qLlRs5fR8aj6IdfmHfAs
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1169 bytes -> C:\Users\Dale\AppData\Local\nKxmHARVYLAOZK:YzD1uTPShC1MJZl0VoA80YcN
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:44DAF2F1
< End of report >

The file you wanted me to virus check is the random name that is created for 'GMER' the rootkit remover software.

I have done the other things you said- Remove One Anti-virus program, Update to service pack 2 and download IExplorer8 and Adobe Reader 9.

I decided to run MBAM again and it seems that-
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace)

Has come back.

The file you wanted me to virus check is the random name that is created for 'GMER' the rootkit remover software.

I thought that's what it was. Just needed to check.

Delete any copies of combofix you might have on your pc.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

I got BSOD while it was running. I didn't catch where it was up to when it happened.

Try in safe mode please.

Ok, I ran it in safe mode.

I'm not sure what info is important so I'll tell some stuff that happened when it was scanning.

-1st message "the system can not find message text from 0x8 in the message file or system."
-Access denied Administrative Rights are needed. (I ran combofix as admin though)
-Stage 38- Access denied Admin permissions are needed
-It ran through every stage (50)

-C:\Windows\System32\wininit.exe successfully restored.
-Pc auto restarted (no BSOD)
-Upon restart combofix says that it is generating report. After it completed, if I tried to click on anything on my pc an error said "Illegal operation attempted on a registry key that has been marked for deletion"
- I restarted pc

I found these logs

Catchme

File "C:\ComboFix\MT_wininit.exe.tmp" added successfully

combofix.txt

ComboFix 10-08-09.02 - Dale 10/08/2010 13:03:54.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.61.1033.18.2039.1579 [GMT 10:00]
Running from: C:\Users\Dale\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

-- Previous Run --

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

-- Previous Run --

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

-- Previous Run --

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

C:\Windows\System32\wininit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

--------

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

.

Hopefully that last disinfection worked.

Can you attempt to run it in normal mode now and we will see where we go from there.

Running in normal mode resulted in Blue screen.

What are the blue screen errors you are getting?

It is only on the screen for maybe 2 seconds telling me that the PC is shutting down to prevent damage. Is it worth me trying again to be more specific of when it is happening?
