
Redirected searches

Discussion in 'Virus & Other Malware Removal' started by mada360, May 21, 2010.

  1. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    Recently my Dad installed a malware "security" program. I successfully removed it using rkill and Malwarebytes inside of safe mode on XP; however, I still am getting redirected, so I ran HijackThis and found a couple of suspicious entries, but I'm not sure if they're the problem.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:31:05:pM, on 21/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Security\avg\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\PROGRA~1\Security\avg\avgrsx.exe
    C:\PROGRA~1\Security\avg\avgnsx.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\ufdsvc.exe
    C:\PROGRA~1\Security\avg\avgemc.exe
    C:\Program Files\Security\avg\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\PROGRA~1\Security\avg\avgtray.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
    C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
    C:\Documents and Settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Security\avg\avgssie.dll
    O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {80bf2261-0374-43d1-a5a8-204f1ec384c6} - (no file)
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: (no name) - {D6F5B312-EF0D-464D-A043-E6E08A35952C} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\Security\avg\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe /silent
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [nohanevivu] Rundll32.exe "C:\WINDOWS\system32\tumazuba.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: OfficeSAS.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res:///105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215716495796
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\Security\avg\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: rqRIbYro - C:\WINDOWS\
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\Security\avg\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\Security\avg\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Off-Helper - Unknown owner - C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

    --
    End of file - 12679 bytes

    (The above two in bold are what I suspect are the problem because of the names, but just in case.)
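As an added triage helper (not from the original post, and not part of HijackThis itself), the following Python script parses lines in the HijackThis v2 log format shown above and flags the entry types an analyst looks at first: orphaned "(no file)" entries, autorun values that load a DLL through rundll32, and Winlogon Notify packages whose path carries no DLL name. The sample input is constructed from entries in the log above; the rule names and severities are the script's own, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in HijackThis v2 log format. The lines are modelled on
# entries from the log posted above (including the two the poster singled out),
# plus benign neighbours so the rules have something to ignore.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\Security\avg\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nohanevivu] Rundll32.exe "C:\WINDOWS\system32\tumazuba.dll",s (User 'LOCAL SERVICE')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: rqRIbYro - C:\WINDOWS\
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# O4 body: <hive>\..\Run: [<value name>] <command> (User '<account>')
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Command line whose executable is rundll32, with or without a directory prefix.
RUNDLL_RE = re.compile(r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str        # "R3", "O2", "O4", "O20", ...
    label: str          # hook/BHO name, O4 value name, Winlogon Notify package name
    path: str           # target file, or the literal "(no file)" HijackThis prints
    hive: str = ""      # O4 only: "HKLM", "HKCU", "HKUS\S-1-5-19", ...
    command: str = ""   # O4 only: command line with the "(User '...')" suffix removed


@dataclass
class Finding:
    severity: str       # "HIGH" or "LOW"
    rule: str
    entry: Entry
    why: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, the process list and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            cmd = USER_RE.sub("", m4.group("cmd"))
            return Entry(section, m4.group("label"), cmd, hive=m4.group("hive"), command=cmd)
        # "O4 - Startup: x.lnk = path" and "O4 - Global Startup: ..." forms
        label, _, path = body.partition(" = ")
        return Entry(section, label, path, command=path)
    # Every other section ends in " - <path>"; the part before it names the entry.
    head, sep, path = body.rpartition(" - ")
    if not sep:
        head, path = body, ""
    label = head.split(": ", 1)[1] if ": " in head else head
    return Entry(section, label, path)


def triage(log_text: str) -> List[Finding]:
    """Apply analyst-style checks to every parsed entry and return the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.path == "(no file)":
            findings.append(Finding("LOW", "orphan", e,
                "registry entry points at a file that no longer exists; leftover, safe to clean"))
        if e.section == "O4" and RUNDLL_RE.match(e.command):
            where = " under a built-in account's hive" if e.hive.startswith("HKUS\\S-1-5-") else ""
            findings.append(Finding("HIGH", "rundll32-autorun", e,
                f"DLL loaded through rundll32 at logon{where}; verify the DLL's publisher and origin"))
        if e.section == "O20" and not re.search(r"\.\w+$", e.path):
            findings.append(Finding("HIGH", "winlogon-notify-dir", e,
                "Winlogon Notify package whose path is a bare directory, not a DLL; "
                "Winlogon Notify is a persistence point, so a nameless package needs review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule:20} {f.entry.section} {f.entry.label!r} -> {f.entry.path}")
        print(f"        {f.why}")
```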
  2. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:

    • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.
      Reading too lightly will cause you to miss important steps, which could have destructive effects.
    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
      Because of this, you must reply within three days;
      failure to reply will result in the topic being closed!
    • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. ;)
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

    ____________________________________________________


    OTL Custom Scan

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /180
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • You may need two posts to fit them both in.



    NEXT:



    Scanning with GMER

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.


    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
    -- If you encounter any problems, try running GMER in safe mode.
    -- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
    3. The log that was produced after running GMER
    4. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  3. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    OTL logfile created on: 23/05/2010 10:28:25 - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\John\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.00 Mb Total Physical Memory | 47.00 Mb Available Physical Memory | 11.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.66 Gb Total Space | 37.06 Gb Free Space | 37.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 9.52 Gb Total Space | 2.72 Gb Free Space | 28.62% Space Free | Partition Type: EXT3
    Drive O: | 41.39 Gb Total Space | 7.36 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

    Computer Name: WORLEY
    Current User Name: John
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe ()
    PRC - C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe ()
    PRC - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Security\avg\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
    PRC - C:\Program Files\TVersity\Media Server\MediaServer.exe ()
    PRC - C:\Program Files\Security\avg\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Security\avg\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Security\avg\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Security\avg\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Security\avg\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
    PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    PRC - C:\WINDOWS\system32\ufdsvc.exe (Generic)
    PRC - C:\WINDOWS\system32\PAStiSvc.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- File not found
    SRV - (Off-Helper) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe ()
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
    SRV - (TVersityMediaServer) -- C:\Program Files\TVersity\Media Server\MediaServer.exe ()
    SRV - (avg8emc) -- C:\Program Files\Security\avg\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8wd) -- C:\Program Files\Security\avg\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
    SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    SRV - (UFDSVC) -- C:\WINDOWS\system32\ufdsvc.exe (Generic)
    SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
    SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
    DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (Ext2Fsd) -- C:\WINDOWS\system32\drivers\ext2fsd.sys (www.ext2fsd.com)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
    DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
    DRV - (X4HSX32Ex) -- C:\Program Files\Metaboli Player\X4HSX32Ex.sys (Exent Technologies Ltd.)
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (kqemu) -- C:\WINDOWS\system32\drivers\kqemu.sys ()
    DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
    DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (StreamSurge) StreamSurge Driver (miniport) -- C:\WINDOWS\system32\drivers\ss.sys (WikiTek Inc.)
    DRV - (P730U) -- C:\WINDOWS\system32\drivers\P730U.sys (Mobile Action Technology Inc.)
    DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
    DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
    DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
    DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation)
    DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
    DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
    DRV - (P730M) -- C:\WINDOWS\system32\drivers\P730M.sys (Mobile Action Technology Inc.)
    DRV - (P730C) -- C:\WINDOWS\system32\drivers\P730C.sys (Mobile Action Technology Inc.)
    DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\MaRdP2K.sys (Mobile Action Technology Inc.)
    DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
    DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
    DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
    DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
    DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
    DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
    DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
    DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
    DRV - (Cap713x) -- C:\WINDOWS\system32\drivers\Cap713x.sys (PSH)
    DRV - (GTNDIS5) -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Ca533av) -- C:\WINDOWS\system32\drivers\Ca533av.sys (Digital Camera)
    DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
    DRV - (USBCamera) -- C:\WINDOWS\system32\drivers\Bulk533.sys (USB BULK)
    DRV - (vcdrom) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 55 D7 E6 F3 71 CA 01 [binary data]
    IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Security\avg\Firefox [2009/12/22 11:51:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\Security\avg\Toolbar\Firefox\avg@igeared [2010/01/15 13:27:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: E:\PortableApps\FirefoxPortable\App\firefox\components
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: E:\PortableApps\FirefoxPortable\App\firefox\plugins
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 22:44:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 16:32:54 | 000,000,000 | ---D | M]

    [2009/02/08 17:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
    [2009/02/08 17:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
    [2010/05/20 18:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions
    [2009/08/09 19:48:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/17 21:09:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/01/17 21:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\extensions\[email protected]
    [2010/05/20 22:30:10 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\t3hlecss.default\searchplugins\bing.xml
    [2010/05/19 21:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
    [2006/09/21 18:29:00 | 000,135,227 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npExentCtl.dll
    [2007/12/19 13:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    [2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/07/26 15:45:32 | 000,318,347 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 10921 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Security\avg\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {49C5A41D-225D-4792-B656-9873522697D3} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {80bf2261-0374-43d1-a5a8-204f1ec384c6} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {D6F5B312-EF0D-464D-A043-E6E08A35952C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Security\avg\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\Security\avg\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe ()
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215716495796 (MUWebControl Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\Security\avg\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O20 - Winlogon\Notify\rqRIbYro: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/10 14:12:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{d9aa1014-d27a-11dd-b0e2-005056c00008}\Shell\AutoRun\command - "" = StartPortableApps.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/10 14:12:00 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746478449557504)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/23 09:59:39 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2010/05/21 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
    [2010/05/21 19:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/05/21 19:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Photosynth
    [2010/05/20 21:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/05/18 08:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/05/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/05/16 17:01:34 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/05/16 11:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/05/16 11:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/05/14 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
    [2010/05/14 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
    [2010/05/09 21:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hobbyist Software
    [2010/05/08 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
    [2010/05/08 11:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Driving Test Success - All Tests (2009-2010)
    [2010/05/02 20:57:49 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
    [2010/05/02 20:57:49 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
    [2010/05/02 20:57:49 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
    [2010/05/02 20:57:49 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
    [2010/05/02 20:57:49 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
    [2010/05/02 20:57:49 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
    [2010/05/02 20:57:49 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
    [2010/05/02 20:57:49 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
    [2010/05/02 20:57:49 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
    [2010/05/02 20:57:49 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
    [2010/05/02 20:57:49 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
    [2010/05/02 20:57:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
    [2010/05/02 20:57:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
    [2010/05/02 20:57:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
    [2010/05/02 20:57:47 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
    [2010/05/02 20:57:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
    [2010/05/02 20:57:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
    [2010/05/02 20:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/23 10:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
    [2010/05/23 10:44:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
    [2010/05/23 10:44:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
    [2010/05/23 10:43:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
    [2010/05/23 10:33:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/05/23 10:28:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/23 10:20:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/23 10:16:41 | 000,011,329 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
    [2010/05/23 10:14:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/23 10:14:33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\lrzpvrig.job
    [2010/05/23 10:14:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/23 10:14:21 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/23 09:58:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2010/05/23 09:58:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\qvimenmm.exe
    [2010/05/22 21:29:21 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\John\ntuser.dat
    [2010/05/22 21:29:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
    [2010/05/22 21:11:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
    [2010/05/22 21:05:01 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1008UA.job
    [2010/05/22 09:45:06 | 060,246,260 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/05/21 21:44:15 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
    [2010/05/20 21:33:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
    [2010/05/19 23:05:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1008Core.job
    [2010/05/18 13:11:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
    [2010/05/11 21:02:06 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/23 09:59:39 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\qvimenmm.exe
    [2010/05/21 21:57:30 | 000,200,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/21 17:32:43 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
    [2010/05/21 16:57:29 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\John\avgrep.txt
    [2010/05/20 21:32:59 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
    [2010/05/11 21:02:03 | 000,000,600 | ---- | C] () -- C:\WINDOWS\PUTTY.RND
    [2010/05/02 20:57:50 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
    [2010/05/02 20:57:45 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/04/27 22:16:35 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/09 17:38:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/03/02 21:04:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/01/23 21:17:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/01/23 21:17:21 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/12/30 13:09:26 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
    [2008/12/03 20:01:00 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uuwctbkx.ini
    [2008/11/09 13:09:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/10/28 20:44:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
    [2008/10/28 20:07:39 | 000,000,086 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
    [2008/10/28 20:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MessageExe.INI
    [2008/10/18 18:55:33 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2008/09/04 20:03:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/09/03 11:00:20 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
    [2008/09/03 11:00:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
    [2008/09/03 11:00:18 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
    [2008/08/18 14:41:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
    [2008/08/18 14:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
    [2008/08/18 14:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
    [2008/08/14 12:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
    [2008/08/14 11:58:19 | 000,007,852 | ---- | C] () -- C:\WINDOWS\System32\mcdmsg7.dll
    [2008/08/07 10:07:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
    [2008/08/07 10:06:44 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
    [2008/08/02 18:03:04 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
    [2008/07/15 18:17:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
    [2008/07/14 19:51:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
    [2008/07/14 19:51:35 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
    [2008/07/14 17:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2008/07/10 17:24:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2008/07/10 17:24:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2008/07/10 15:58:05 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/07/10 15:58:04 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/10 15:44:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/08 17:03:43 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
    [2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2007/02/06 22:02:00 | 000,123,939 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqemu.sys
    [2006/11/09 22:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/08/03 11:38:27 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
    [2006/08/03 11:38:19 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
    [2006/08/02 18:07:00 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
    [2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
    [2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

    ========== LOP Check ==========

    [2009/06/23 19:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2008/08/18 14:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blender Foundation
    [2008/12/24 12:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2008/10/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2010/05/10 20:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
    [2010/05/23 10:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hobbyist Software
    [2008/09/19 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
    [2009/09/15 17:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2010/05/20 18:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/07/12 10:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2008/12/05 17:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/07/19 20:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metaboli Player
    [2008/10/19 13:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2008/12/25 13:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2009/12/11 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/05/14 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
    [2009/10/20 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/12/08 21:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\.purple
    [2009/06/02 10:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVGTOOLBAR
    [2008/09/18 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\BitMeter2
    [2009/10/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\gtk-2.0
    [2009/07/19 19:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IObit
    [2008/08/26 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Launchy
    [2009/02/08 17:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Participatory Culture Foundation
    [2009/01/18 12:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Research In Motion
    [2009/03/19 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Samsung
    [2009/01/11 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Skinux
    [2009/08/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Spotify
    [2009/12/14 10:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Trusteer
    [2009/03/19 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\uTorrent
    [2006/08/03 21:53:27 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job
    [2010/05/23 10:14:33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\lrzpvrig.job
    [2010/05/23 10:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
    [2010/05/23 10:43:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
    [2010/05/23 10:44:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/10/05 10:26:47 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/07/10 14:12:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/12/12 19:26:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
    [2008/07/12 15:04:52 | 000,000,000 | RHS- | M] () -- C:\config.sys
    [2010/03/29 10:01:35 | 000,000,090 | ---- | M] () -- C:\error.log
    [2010/05/23 10:14:21 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
    [2008/10/28 19:47:42 | 001,782,338 | ---- | M] () -- C:\HMV9Inst.log
    [2008/07/10 14:12:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/03/04 06:09:06 | 000,182,400 | ---- | M] () -- C:\LEVIBRUSH.TTF
    [2008/07/10 14:12:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/10 14:46:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/23 10:14:20 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
    [2008/07/19 20:24:09 | 001,195,083 | ---- | M] () -- C:\pastedpic_07192008_202407.png
    [2010/05/21 16:25:29 | 000,000,382 | ---- | M] () -- C:\rkill.log
    [2008/07/13 09:11:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/07/13 09:29:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/07/13 09:11:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/07/13 09:29:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/10/15 18:29:55 | 000,007,168 | -HS- | M] () -- C:\Thumbs.db
    [2006/12/20 11:35:59 | 000,000,457 | ---- | M] () -- C:\VundoFix.txt
    [2005/07/11 10:10:54 | 000,064,884 | ---- | M] () -- C:\X360.ttf

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/07/10 14:55:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/07/10 14:55:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/07/10 14:55:46 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /180 >
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    [2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
    [2010/02/26 17:41:14 | 000,390,528 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\system32\drivers\RapportBuka.sys
    [2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
    [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
    < End of report >
     
  4. mada360

    mada360 Thread Starter
    OTL Extras logfile created on: 23/05/2010 10:28:25 - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\John\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.00 Mb Total Physical Memory | 47.00 Mb Available Physical Memory | 11.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.66 Gb Total Space | 37.06 Gb Free Space | 37.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 9.52 Gb Total Space | 2.72 Gb Free Space | 28.62% Space Free | Partition Type: EXT3
    Drive O: | 41.39 Gb Total Space | 7.36 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

    Computer Name: WORLEY
    Current User Name: John
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
    "C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe:*:Enabled:Off-Helper -- ()
    "C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe" = C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe:*:Enabled:Off-Helper Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll" = C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll:*:Enabled:Off-Helper Bonjour Service DLL -- (Apple Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlightGear\bin\win32\fgfs.exe" = C:\Program Files\FlightGear\bin\win32\fgfs.exe:*:Enabled:fgfs -- File not found
    "C:\Program Files\Security\avg\avgemc.exe" = C:\Program Files\Security\avg\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Security\avg\avgupd.exe" = C:\Program Files\Security\avg\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "X:\Program Files\Ghost Recon\GhostRecon.exe" = X:\Program Files\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon.exe -- File not found
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- File not found
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone) -- File not found
    "C:\Westwood\SUN\PATCHGET.DAT" = C:\Westwood\SUN\PATCHGET.DAT:*:Enabled:patchgrabber -- File not found
    "C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe" = C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3 -- (Adobe Systems Incorporated )
    "C:\Program Files\XBMC\XBMC.exe" = C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC -- File not found
    "C:\Documents and Settings\Adam.WORLEY-46B190B0\My Documents\game\Nexuiz\nexuiz.exe" = C:\Documents and Settings\Adam.WORLEY-46B190B0\My Documents\game\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz -- File not found
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" = C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:*:Enabled:FNPLicensingService -- (Macrovision Europe Ltd.)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
    "C:\Program Files\Verdiem\Edison\Edison.exe" = C:\Program Files\Verdiem\Edison\Edison.exe:*:Enabled:Edison -- File not found
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB -- File not found
    "C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe" = C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe:*:Enabled:GridCast -- File not found
    "C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
    "C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Julie\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper.exe:*:Enabled:Off-Helper -- ()
    "C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe:*:Enabled:Firefox -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe" = C:\Program Files\Hobbyist Software\Off-Helper\Off-Service.exe:*:Enabled:Off-Helper -- ()
    "C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe" = C:\Program Files\Hobbyist Software\Off-Helper\mdnsresponder.exe:*:Enabled:Off-Helper Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll" = C:\Program Files\Hobbyist Software\Off-Helper\dnssd-hobbyist.dll:*:Enabled:Off-Helper Bonjour Service DLL -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
    "{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
    "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
    "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
    "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
    "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
    "{273EAF0F-8EBB-917A-F3C2-80EF5FB0B7F7}" = SpotifyAlarm
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{36DCA203-08E8-467D-92FB-C1F51EEEE9C5}" = ArcSoft VideoImpression 2
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4CBAD7DB-C645-4C75-AF36-41BAC646266A}" = MGA
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{52780C33-4BAE-498F-AAB6-E84D9C54E4B7}" = Heinemann Solutionbank Core C1
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
    "{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
    "{9C5B68E5-4ED8-4F5C-B557-813F0E4EDD85}" = Programming API (experimental)
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DB4CEAD-407B-4E3D-96C5-CC5FFA994289}" = LG PC Suite
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C3DAC196-8487-4E2E-94F3-9CBE361EB712}" = Microsoft Image Composite Editor
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Technika
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
    "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{EFA4532F-F1B2-42AE-AE76-013D8A69AEE0}_is1" = MKN TaskExplorer 5
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F1C9C7F7-0D56-40B2-A276-152762D39BCA}" = Adobe Setup
    "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
    "{F597BD44-CA62-438D-9923-6E19CC99BD45}" = Samsung E720 USB-Handset Manager
    "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "7-Zip" = 7-Zip 4.57
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_5d83aea83f5009a0d267d337e3f55fe" = Adobe After Effects CS3
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "Advanced PSD Repair v1.4" = Advanced PSD Repair v1.4
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Audacity_is1" = Audacity 1.2.6
    "AVG8Uninstall" = AVG Free 8.5
    "AviSynth" = AviSynth 2.5
    "BBC iPlayer Download Manager" = BBC iPlayer Download Manager
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "Carbonite Backup" = AVG Online Backup
    "CCleaner" = CCleaner
    "com.adobe.example.SpotifyAlarm.FC7B7B9D03C4E3E799BB0585DDD8729C451AF008.1" = SpotifyAlarm
    "Crimson Editor" = Crimson Editor (remove only)
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "Defraggler" = Defraggler (remove only)
    "Digsby" = Digsby
    "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "Ext2Fsd_is1" = Ext2Fsd 0.46
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "Google Updater" = Google Updater
    "GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Off-Helper_is1" = Off-Helper 2.00
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "OpenAL" = OpenAL
    "Photo Viewer" = Photo Viewer 2.3
    "Rapport_msi" = Rapport
    "Recuva" = Recuva (remove only)
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Seven Remix XP" = Seven Remix XP 2.0
    "Smart Defrag_is1" = Smart Defrag 1.20
    "Spotify" = Spotify
    "Trapcode Particular" = Trapcode Particular
    "TuneUpMedia" = TuneUp Companion 1.6.9
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
    "TVersity Media Server " = TVersity Media Server 1.0.0.11 RC7
    "VLC Connection Utility_is1" = VLC Connection Utility 2.60
    "VLC media player" = VideoLAN VLC media player 0.8.6h
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = Gimp 2.6.1
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XCC Utilities" = XCC Utilities 1.46
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 23/05/2010 05:27:47 | Computer Name = WORLEY | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x1129f1dd.

    Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 23/05/2010 05:33:53 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 23/05/2010 05:33:55 | Computer Name = WORLEY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 10/12/2008 12:11:07 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7023
    Description = The KService service terminated with the following error: %%2147500037

    Error - 10/12/2008 12:13:54 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 10/12/2008 12:15:56 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 10/12/2008 12:16:25 | Computer Name = WORLEY-46B190B0 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.11 for the Network Card with network
    address 000FEAA0611C has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
    Description = The MGA Video Camera Device service failed to start due to the following
    error: %%1058

    Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 11/12/2008 07:20:34 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7023
    Description = The KService service terminated with the following error: %%2147500037

    Error - 11/12/2008 07:21:35 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 11/12/2008 07:21:36 | Computer Name = WORLEY-46B190B0 | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 11/12/2008 07:24:13 | Computer Name = WORLEY-46B190B0 | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.


    < End of report >
     
  5. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-23 23:01:33
    Windows 5.1.2600 Service Pack 3
    Running: qvimenmm.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdqpod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\DRIVERS\termdd.sys entry point in ".rsrc" section [0xF7792214]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
    .text C:\WINDOWS\system32\svchost.exe[584] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0096000A
    .text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\Explorer.EXE[904] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

    Device \FileSystem\Cdfs \Cdfs F6CB2400
    Device -> \Driver\atapi \Device\Harddisk0\DR0 84DDECEC

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321@00124739ca3c 0xA4 0x3E 0xB8 0x6D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321@001fe31f7a0d 0x65 0xDC 0xB4 0x3D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321@001fcd31722a 0x87 0xFA 0x04 0xF6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321@0024905032c1 0x70 0xE5 0x5C 0xF2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@00124739ca3c 0xA4 0x3E 0xB8 0x6D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@001fe31f7a0d 0x65 0xDC 0xB4 0x3D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@001fcd31722a 0x87 0xFA 0x04 0xF6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d3c321@0024905032c1 0x70 0xE5 0x5C 0xF2 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs avgrsstx.dll WIKI.DLL ikkqrd.dll C:\WINDOWS\system32\jovulide.dll c:\windows\system32\vajoneyo.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\termdd.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
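A small triage helper for the GMER registry and file lines posted above, added here as an example; it is not part of the thread, of GMER, or of any tool the helpers use. It pulls out the AppInit_DLLs loading point, the flag that enables it, and the files GMER marks as modified, so a responder can see the interesting lines without reading the whole log. The allowlist of already-verified DLL names is an assumption for illustration (it contains only the AVG component that the later ComboFix log still lists), and the sample text is an excerpt copied from the log above.

```python
import re
from dataclasses import dataclass

# Sample excerpt copied from the GMER log posted above; the surrounding
# layout is constructed so that the block runs offline.
SAMPLE_GMER_LOG = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d3c321@00124739ca3c 0xA4 0x3E 0xB8 0x6D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs avgrsstx.dll WIKI.DLL ikkqrd.dll C:\WINDOWS\system32\jovulide.dll c:\windows\system32\vajoneyo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\termdd.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# Assumed allowlist: DLL names the responder has already verified on this
# machine. Anything else listed under AppInit_DLLs is reported.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# GMER prints registry values as "Reg <key>@<value name> <data>" and
# file findings as "File <path> <note>".
REG_LINE = re.compile(r"^Reg (?P<key>.+?)@(?P<value>\S+)(?:\s+(?P<data>.*))?$")
FILE_LINE = re.compile(r"^File (?P<path>.+?)\s+(?P<note>suspicious .*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "appinit_dll", "appinit_enabled" or "modified_file"
    item: str    # the DLL name or file path concerned
    detail: str  # the registry key it came from, or GMER's note


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_gmer_log(text: str) -> list[Finding]:
    """Return the loading points in a GMER log that deserve a second look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            data = m.group("data") or ""
            if value.lower() == "appinit_dlls":
                # Every name listed here is loaded into each process that
                # maps user32.dll, so each unknown entry is its own finding.
                for entry in data.split():
                    if basename(entry) not in KNOWN_APPINIT_DLLS:
                        findings.append(Finding("appinit_dll", entry, key))
            elif value.lower() == "loadappinit_dlls" and data.strip() == "1":
                # The list above only takes effect while this flag is 1.
                findings.append(Finding("appinit_enabled", value, key))
            continue
        m = FILE_LINE.match(line)
        if m:
            findings.append(Finding("modified_file", m.group("path"), m.group("note")))
    return findings


if __name__ == "__main__":
    for f in triage_gmer_log(SAMPLE_GMER_LOG):
        print(f"{f.kind:16} {f.item}  ({f.detail})")
```

Run against the excerpt it reports the four DLL names that are not on the allowlist, the enabled LoadAppInit_DLLs flag, and the two driver files GMER flagged; the BTHPORT key material and the ordinary Windows values produce nothing. A second check, such as comparing the flagged driver files against known-good hashes, is the natural next step but is outside what the log alone supports.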
     
  6. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    The logs are in the order you asked for above; sorry for the late reply and the smileys in one of the logs.

    My computer is running the same as it did before and I didn't get a rootkit message during the GMER scan; the OTL scan ran quite quickly but the GMER scan took around 6 hours. Is this normal? (I ran the GMER scan in safe mode without networking and had no other windows open.)

    Just some information for you: I have most of my files backed up on an external hard drive, but as you may have seen from my scans I have a partition :)O) on my hard drive; this is a basic backup of my system made using Windows. I also have an Ubuntu partition on my hard drive and it is set to dual-boot.
     
  7. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    GMER can take a couple hours to run in some cases.

    Running ComboFix
    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
     
  8. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    Would it be easier/faster to run it in safe mode?
     
  9. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Please try to run it in Normal Mode.
     
  10. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    ComboFix 10-05-23.08 - Julie 24/05/2010 18:04:46.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.47 [GMT 1:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Julie\Application Data\.#
    C:\Thumbs.db
    c:\windows\system32\RCX5A.tmp
    c:\windows\system32\uuwctbkx.ini
    c:\windows\Tasks.\lrzpvrig.job
    c:\windows\Tasks.\lrzpvrig.job . . . . failed to delete

    Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FCI
    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .

    2010-05-21 20:57 . 2010-05-21 20:57 200480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-05-21 19:06 . 2010-05-21 19:06 -------- d-----w- c:\program files\Microsoft Research
    2010-05-21 18:08 . 2010-05-21 18:08 -------- d-----w- c:\program files\Photosynth
    2010-05-20 20:32 . 2010-05-20 20:32 -------- d-----w- c:\program files\Trend Micro
    2010-05-14 16:16 . 2010-05-14 16:17 -------- d-----w- c:\program files\TuneUpMedia
    2010-05-14 16:16 . 2010-05-14 17:02 -------- d-----w- c:\documents and settings\Julie\Application Data\TuneUpMedia
    2010-05-14 16:11 . 2010-05-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
    2010-05-09 20:14 . 2010-05-23 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hobbyist Software
    2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
    2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\program files\Driving Test Success - All Tests (2009-2010)
    2010-05-05 18:57 . 2010-05-10 21:38 -------- d-----w- c:\documents and settings\Julie\Application Data\FileZilla
    2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Sony
    2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Application Data\Sony

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 17:25 . 2010-01-28 16:36 -------- d-----w- c:\documents and settings\Julie\Application Data\Dropbox
    2010-05-24 17:20 . 2009-01-04 11:48 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-05-24 15:32 . 2010-05-24 15:32 503808 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcp71.dll
    2010-05-24 15:32 . 2010-05-24 15:32 499712 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\jmc.dll
    2010-05-24 15:32 . 2010-05-24 15:32 348160 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcr71.dll
    2010-05-24 15:19 . 2008-07-12 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_5760EA0C59009CA8D18846.exe
    2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_21F3885A18D238E15AAE81.exe
    2010-05-21 19:07 . 2010-05-21 19:07 32579 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_6FEFF9B68218417F98F549.exe
    2010-05-21 18:50 . 2008-07-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-20 17:32 . 2008-07-12 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2010-05-16 18:00 . 2006-09-01 19:25 -------- d-----w- c:\documents and settings\Julie\Application Data\uTorrent
    2010-05-15 23:25 . 2008-12-05 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-14 16:17 . 2010-02-17 14:48 -------- d-----w- c:\program files\iTunes
    2010-05-12 18:04 . 2006-08-03 14:11 -------- d-----w- c:\documents and settings\Julie\Application Data\gtk-2.0
    2010-05-11 15:17 . 2009-04-16 21:41 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
    2010-05-06 19:18 . 2009-10-23 19:12 -------- d-----w- c:\program files\Opera
    2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\program files\Free Audio Pack
    2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\documents and settings\Julie\Application Data\FreeAudioPack
    2010-04-29 14:39 . 2008-12-05 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2008-12-05 16:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 21:16 . 2008-07-12 16:02 -------- d-----w- c:\program files\Google
    2010-04-26 19:11 . 2008-12-25 12:08 -------- d-----w- c:\program files\Sony
    2010-04-26 19:03 . 2008-08-04 18:49 -------- d-----w- c:\program files\Pidgin
    2010-04-23 21:18 . 2009-09-13 09:37 -------- d-----w- c:\program files\Digsby
    2010-04-23 20:50 . 2006-09-01 14:20 -------- d-----w- c:\documents and settings\Julie\Application Data\Audacity
    2010-04-23 20:41 . 2008-08-04 19:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2010-04-19 19:18 . 2008-08-26 13:32 -------- d-----w- c:\documents and settings\Julie\Application Data\vlc
    2010-04-19 19:15 . 2010-03-20 15:40 -------- d-----w- c:\program files\Hobbyist Software
    2010-04-17 20:50 . 2008-07-27 09:58 74408 ----a-w- c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-15 10:42 . 2009-10-22 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-13 19:18 . 2010-04-13 19:18 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-04-13 11:51 . 2008-07-12 13:12 -------- d-----w- c:\program files\AVG
    2010-04-13 11:33 . 2008-07-10 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-04-09 08:52 . 2006-07-30 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-04-07 18:04 . 2006-07-30 09:17 -------- d-----w- c:\program files\Kodak
    2010-04-07 17:50 . 2008-07-11 16:52 -------- d-----w- c:\program files\Yahoo!
    2010-04-07 14:20 . 2010-05-08 10:22 5728808 ----a-w- c:\documents and settings\All Users\Application Data\Driving Test Success\Downloads\DTSUpdate.exe
    2010-04-05 21:34 . 2006-08-11 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\.purple
    2010-03-30 20:12 . 2009-05-06 18:05 -------- d-----w- c:\documents and settings\Julie\Application Data\Spotify
    2010-03-29 09:03 . 2008-07-15 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-12 21:46 . 2009-02-26 17:36 60688 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-01 19:02 . 2009-07-20 13:15 38784 ----a-w- c:\documents and settings\Julie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
    2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
    2010-02-26 16:41 . 2010-02-26 16:41 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
    2010-02-26 16:14 . 2010-01-28 16:39 91696 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Uninstall.exe
    2010-02-26 16:07 . 2010-02-26 16:07 13264416 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
    2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\famatoge.dll.tmp
    2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\mahalemo.dll.tmp
    2008-09-09 19:07 . 2008-09-09 19:07 65590 --sha-w- c:\windows\system32\wedusoha.dll.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-09-02 11:58 1107200 ----a-w- c:\program files\Security\avg\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-09-30 600008]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "Hobbyist Software On-Off Helper"="c:\program files\Hobbyist Software\Off-Helper\Off-Helper.exe" [2010-05-05 210432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Julie\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 11:32 87352 ------w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
    2002-03-19 16:30 45632 ------w- c:\windows\system32\TaskSwitch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2007-12-08 00:42 376832 ------w- c:\program files\Eraser\Eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
    2008-05-24 12:29 1207440 ----a-w- c:\program files\Ext2Fsd\Ext2Mgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D9050]
    2006-07-20 05:55 1617920 ------w- c:\program files\Belkin\F5D9050\Belkinwcui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-09-11 04:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-09-11 04:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2008-02-27 16:56 1032376 ------w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 08:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
    2009-07-02 08:22 2453264 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Security\\avg\\avgemc.exe"=
    "c:\\Program Files\\Security\\avg\\avgupd.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
    "c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Documents and Settings\\Julie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Helper.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Service.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\mdnsresponder.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\dnssd-hobbyist.dll"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/07/2008 2:13 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/07/2008 2:13 PM 108552]
    R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [21/08/2008 9:42 PM 651264]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 5:41 PM 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 2:47 PM 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 2:47 PM 116328]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/12/2001 11:45 AM 8576]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\Security\avg\avgemc.exe [12/07/2008 2:12 PM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\Security\avg\avgwdsvc.exe [12/07/2008 2:12 PM 297752]
    R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [06/02/2007 10:02 PM 123939]
    R2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Service.exe [09/05/2010 9:14 PM 32256]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 2:47 PM 779496]
    R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Metaboli Player\X4HSX32Ex.sys [18/07/2008 12:18 PM 29856]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/06/2004 12:14 AM 502784]
    R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [14/07/2008 7:51 PM 19968]
    S2 Ca533av;MGA Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [03/08/2006 11:38 AM 515803]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2010 10:16 PM 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5:28 AM 4639136]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [18/08/2008 2:16 PM 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [18/08/2008 2:16 PM 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [18/08/2008 2:16 PM 49365]
    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2006-08-03 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-04 12:00]

    2010-05-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 20:28]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 21:39]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
    - c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
    - c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

    2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
    - c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
    - c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - /105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
    FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\Security\avg\Firefox\components\avgssff.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{49C5A41D-225D-4792-B656-9873522697D3} - (no file)
    BHO-{80bf2261-0374-43d1-a5a8-204f1ec384c6} - (no file)
    BHO-{D6F5B312-EF0D-464D-A043-E6E08A35952C} - (no file)
    Notify-rqRIbYro - (no file)
    MSConfigStartUp-CPM4f968b04 - c:\windows\system32\vajoneyo.dll
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
    MSConfigStartUp-VMware hqtray - c:\program files\VMware\VMware Player\hqtray.exe
    AddRemove-Mozilla Firefox (2.0.0.20) - e:\portableapps\FirefoxPortable\App\firefox\uninstall\helper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-24 18:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(572)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(1136)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\windows\system32\CDRTC.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\Security\avg\avgrsx.exe
    c:\progra~1\Security\avg\avgnsx.exe
    c:\windows\System32\PAStiSvc.exe
    c:\program files\TVersity\Media Server\MediaServer.exe
    c:\windows\system32\ufdsvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Security\avg\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-24 18:39:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-24 17:39

    Pre-Run: 39,646,416,896 bytes free
    Post-Run: 39,755,513,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 3C7163FCD596B56BA1A18EA836F1F708
     
  11. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    *While running ComboFix it detected a rootkit and rebooted my system
     
  12. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    ComboFix Script

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7404412-post10.html
    Collect::
    c:\windows\system32\famatoge.dll.tmp
    c:\windows\system32\mahalemo.dll.tmp
    c:\windows\system32\wedusoha.dll.tmp
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop as "CFScript".


    Here's how to do that:

    1.Click File;
    2.Click Save As... Change the directory to your desktop;
    3.Change the Save as type to "All Files";
    4.Type in the file name: CFScript
    5.Click Save ...

    [​IMG]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



    NEXT:



    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:


    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT:



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.




    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the [​IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the [​IMG] button.
    14. Push [​IMG]



    NEXT:



    OTL Custom Scan

    We need to run an OTL Custom Scan

    1. Please reopen [​IMG] on your desktop.
    2. Copy and Paste the following bolded text into the [​IMG] textbox.


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /180
    3. Push [​IMG]
    4. A report will open. Copy and Paste that report in your next reply.




    NEXT:


    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The log that was produced after running the ComboFix scan.
    3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
    4. The log that was produced after running the ESET Online Virus Scanner.
    5. The log that was produced after running the OTL scan.
    6. An update on how your computer is currently running.​
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

    Cheers,
    SweetTech.
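A worked example added at this point in the thread (it is not part of the thread, of ComboFix, or of any poster's instructions): a small Python triage script for ComboFix-style autostart listings such as the "ORPHANS REMOVED" section in the log above and the three `.dll.tmp` files the CFScript collects. The point it makes is the one the helper is acting on: after a search-redirect infection, the places to look first are the autostart entries (Run keys, BHOs, Winlogon Notify, AppInit_DLLs) and any randomly named binaries sitting in system32. The sample log lines are constructed, modelled on the logs posted here; the pseudo-random-name heuristic, the reason strings and the function names are this example's own assumptions, not ComboFix's.

```python
"""Triage helper for ComboFix-style autostart listings.

Added example for this thread, not part of ComboFix or the forum's own tooling.
It pulls the target path out of each 'Reg Loading Points' / 'ORPHANS REMOVED' /
'file zipped' line and flags what a responder looks at first after a redirect
infection: orphaned entries, pseudo-random file names in system32, '.dll.tmp'
droppings, and anything in AppInit_DLLs. The heuristics are assumptions, not
verdicts: a flagged file still needs a hash/publisher check before removal.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll
BHO-{49C5A41D-225D-4792-B656-9873522697D3} - (no file)
Notify-rqRIbYro - (no file)
MSConfigStartUp-CPM4f968b04 - c:\windows\system32\vajoneyo.dll
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
file zipped: c:\windows\system32\famatoge.dll.tmp
file zipped: c:\windows\system32\wedusoha.dll.tmp
"""

VOWELS = set("aeiou")

# A Windows path up to the first recognised binary extension; spaces allowed
# ("c:\program files\..."), '.dll.tmp' tried before '.dll' so it is kept whole.
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:dll\.tmp|exe|dll|sys|cpl))(?![a-z0-9])", re.I)
APPINIT_RE = re.compile(r'"?appinit_dlls"?\s*=', re.I)


def looks_pseudorandom(stem: str) -> bool:
    """Heuristic for generated names such as 'vajoneyo' or 'famatoge':
    exactly 8 letters with consonants and vowels strictly alternating.
    Vendor binaries rarely fit ('avgrsstx', 'explorer' do not); real words
    occasionally do, so this only raises priority, it does not convict."""
    s = stem.lower()
    if len(s) != 8 or not s.isalpha():
        return False
    is_vowel = [c in VOWELS for c in s]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(7))


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {'line', 'path', 'reasons'}."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        m = PATH_RE.search(line)
        path: Optional[str] = m.group(1) if m else None

        if "(no file)" in line:
            reasons.append("orphan: autostart entry whose target file is gone")
            if line.startswith("Notify-"):
                reasons.append("Winlogon Notify package: ran inside winlogon.exe")

        if path:
            low = path.lower()
            base = low.rsplit("\\", 1)[-1]
            stem = base.split(".", 1)[0]
            if "\\windows\\system32\\" in low and looks_pseudorandom(stem):
                reasons.append("pseudo-random file name in system32")
            if base.endswith(".dll.tmp"):
                reasons.append("'.dll.tmp' dropping: renamed or half-written DLL")
            if APPINIT_RE.match(line):
                reasons.append("AppInit_DLLs: injected into every user32 process, verify publisher")

        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run it against a saved ComboFix log instead of SAMPLE_LOG to get a shortlist; legitimate entries such as the AVG tray and iTunes helper stay out of it, while the orphaned BHO, the Winlogon Notify orphan, `vajoneyo.dll` and the two `.dll.tmp` files are raised. The AVG AppInit_DLLs entry is listed only so it gets a publisher check, which is exactly why the helper's CFScript uses `Collect::` to zip such files for inspection rather than deleting on a name alone.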
     
  13. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    Just had a load of error messages saying that all of my start-up programs couldn't run, and then my PC crashed. Yesterday I performed the ESET scan, which took nearly 7 hours to complete. I will be posting all the results at once after I have performed the OTL scan.
     
  14. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
  15. mada360

    mada360 Thread Starter

    Joined:
    May 21, 2010
    Messages:
    21
    2)
    ComboFix 10-05-23.08 - Julie 24/05/2010 19:45:32.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.177 [GMT 1:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    file zipped: c:\windows\system32\famatoge.dll.tmp
    file zipped: c:\windows\system32\mahalemo.dll.tmp
    file zipped: c:\windows\system32\wedusoha.dll.tmp
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\famatoge.dll.tmp
    c:\windows\system32\mahalemo.dll.tmp
    c:\windows\system32\wedusoha.dll.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .

    2010-05-24 18:10 . 2010-05-24 18:36 -------- d-----w- c:\program files\freeSSHd
    2010-05-21 20:57 . 2010-05-21 20:57 200480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-05-21 19:06 . 2010-05-21 19:06 -------- d-----w- c:\program files\Microsoft Research
    2010-05-21 18:08 . 2010-05-21 18:08 -------- d-----w- c:\program files\Photosynth
    2010-05-20 20:32 . 2010-05-20 20:32 -------- d-----w- c:\program files\Trend Micro
    2010-05-14 16:16 . 2010-05-14 16:17 -------- d-----w- c:\program files\TuneUpMedia
    2010-05-14 16:16 . 2010-05-14 17:02 -------- d-----w- c:\documents and settings\Julie\Application Data\TuneUpMedia
    2010-05-14 16:11 . 2010-05-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
    2010-05-09 20:14 . 2010-05-23 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hobbyist Software
    2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
    2010-05-08 10:16 . 2010-05-10 19:09 -------- d-----w- c:\program files\Driving Test Success - All Tests (2009-2010)
    2010-05-05 18:57 . 2010-05-10 21:38 -------- d-----w- c:\documents and settings\Julie\Application Data\FileZilla
    2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Sony
    2010-04-26 19:08 . 2010-04-26 19:08 -------- d-----w- c:\documents and settings\Julie\Application Data\Sony

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 17:43 . 2010-01-28 16:36 -------- d-----w- c:\documents and settings\Julie\Application Data\Dropbox
    2010-05-24 17:20 . 2009-01-04 11:48 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-05-24 15:32 . 2010-05-24 15:32 503808 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcp71.dll
    2010-05-24 15:32 . 2010-05-24 15:32 499712 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\jmc.dll
    2010-05-24 15:32 . 2010-05-24 15:32 348160 ----a-w- c:\documents and settings\Julie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20498535-n\msvcr71.dll
    2010-05-24 15:19 . 2008-07-12 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_5760EA0C59009CA8D18846.exe
    2010-05-21 19:07 . 2010-05-21 19:07 43385 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_21F3885A18D238E15AAE81.exe
    2010-05-21 19:07 . 2010-05-21 19:07 32579 ----a-r- c:\documents and settings\Julie\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_6FEFF9B68218417F98F549.exe
    2010-05-21 18:50 . 2008-07-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-20 17:32 . 2008-07-12 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2010-05-16 18:00 . 2006-09-01 19:25 -------- d-----w- c:\documents and settings\Julie\Application Data\uTorrent
    2010-05-15 23:25 . 2008-12-05 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-14 16:17 . 2010-02-17 14:48 -------- d-----w- c:\program files\iTunes
    2010-05-12 18:04 . 2006-08-03 14:11 -------- d-----w- c:\documents and settings\Julie\Application Data\gtk-2.0
    2010-05-11 15:17 . 2009-04-16 21:41 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
    2010-05-06 19:18 . 2009-10-23 19:12 -------- d-----w- c:\program files\Opera
    2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\program files\Free Audio Pack
    2010-05-02 19:57 . 2010-05-02 19:57 -------- d-----w- c:\documents and settings\Julie\Application Data\FreeAudioPack
    2010-04-29 14:39 . 2008-12-05 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2008-12-05 16:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 21:16 . 2008-07-12 16:02 -------- d-----w- c:\program files\Google
    2010-04-26 19:11 . 2008-12-25 12:08 -------- d-----w- c:\program files\Sony
    2010-04-26 19:03 . 2008-08-04 18:49 -------- d-----w- c:\program files\Pidgin
    2010-04-23 21:18 . 2009-09-13 09:37 -------- d-----w- c:\program files\Digsby
    2010-04-23 20:50 . 2006-09-01 14:20 -------- d-----w- c:\documents and settings\Julie\Application Data\Audacity
    2010-04-23 20:41 . 2008-08-04 19:17 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2010-04-19 19:18 . 2008-08-26 13:32 -------- d-----w- c:\documents and settings\Julie\Application Data\vlc
    2010-04-19 19:15 . 2010-03-20 15:40 -------- d-----w- c:\program files\Hobbyist Software
    2010-04-17 20:50 . 2008-07-27 09:58 74408 ----a-w- c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-15 10:42 . 2009-10-22 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-13 19:18 . 2010-04-13 19:18 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-04-13 11:51 . 2008-07-12 13:12 -------- d-----w- c:\program files\AVG
    2010-04-13 11:33 . 2008-07-10 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-04-09 08:52 . 2006-07-30 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-04-07 18:04 . 2006-07-30 09:17 -------- d-----w- c:\program files\Kodak
    2010-04-07 17:50 . 2008-07-11 16:52 -------- d-----w- c:\program files\Yahoo!
    2010-04-07 14:20 . 2010-05-08 10:22 5728808 ----a-w- c:\documents and settings\All Users\Application Data\Driving Test Success\Downloads\DTSUpdate.exe
    2010-04-05 21:34 . 2006-08-11 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\.purple
    2010-03-30 20:12 . 2009-05-06 18:05 -------- d-----w- c:\documents and settings\Julie\Application Data\Spotify
    2010-03-29 09:03 . 2008-07-15 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-12 21:46 . 2009-02-26 17:36 60688 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-01 19:02 . 2009-07-20 13:15 38784 ----a-w- c:\documents and settings\Julie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
    2010-02-26 16:41 . 2010-02-26 16:41 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
    2010-02-26 16:41 . 2010-02-26 16:41 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
    2010-02-26 16:14 . 2010-01-28 16:39 91696 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Uninstall.exe
    2010-02-26 16:07 . 2010-02-26 16:07 13264416 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
    2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-09-02 11:58 1107200 ----a-w- c:\program files\Security\avg\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Security\avg\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-09-30 22:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Julie\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-09-30 600008]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "Hobbyist Software On-Off Helper"="c:\program files\Hobbyist Software\Off-Helper\Off-Helper.exe" [2010-05-05 210432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Julie\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Julie\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 11:32 87352 ------w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
    2002-03-19 16:30 45632 ------w- c:\windows\system32\TaskSwitch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2007-12-08 00:42 376832 ------w- c:\program files\Eraser\Eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
    2008-05-24 12:29 1207440 ----a-w- c:\program files\Ext2Fsd\Ext2Mgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D9050]
    2006-07-20 05:55 1617920 ------w- c:\program files\Belkin\F5D9050\Belkinwcui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-09-11 04:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-09-11 04:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2008-02-27 16:56 1032376 ------w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 08:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
    2009-07-02 08:22 2453264 ----a-w- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Security\\avg\\avgemc.exe"=
    "c:\\Program Files\\Security\\avg\\avgupd.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
    "c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Documents and Settings\\Julie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Helper.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\Off-Service.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\mdnsresponder.exe"=
    "c:\\Program Files\\Hobbyist Software\\Off-Helper\\dnssd-hobbyist.dll"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/07/2008 2:13 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/07/2008 2:13 PM 108552]
    R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [21/08/2008 9:42 PM 651264]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 5:41 PM 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 2:47 PM 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 2:47 PM 116328]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/12/2001 11:45 AM 8576]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\Security\avg\avgemc.exe [12/07/2008 2:12 PM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\Security\avg\avgwdsvc.exe [12/07/2008 2:12 PM 297752]
    R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [06/02/2007 10:02 PM 123939]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 2:47 PM 779496]
    R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Metaboli Player\X4HSX32Ex.sys [18/07/2008 12:18 PM 29856]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/06/2004 12:14 AM 502784]
    R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [14/07/2008 7:51 PM 19968]
    S2 Ca533av;MGA Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [03/08/2006 11:38 AM 515803]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2010 10:16 PM 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Service.exe [09/05/2010 9:14 PM 32256]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 5:28 AM 4639136]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [18/08/2008 2:16 PM 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [18/08/2008 2:16 PM 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [18/08/2008 2:16 PM 49365]
    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2006-08-03 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-04 12:00]

    2010-05-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 20:28]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 21:39]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004Core.job
    - c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1004UA.job
    - c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 17:40]

    2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012Core.job
    - c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1012UA.job
    - c:\documents and settings\Adam.WORLEY-46B190B0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-21 13:41]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{87B8FE37-D887-4987-8C12-7790F9683185}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{8892A9E9-8D6A-4753-B8AD-26B5D41F345D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

    2010-05-24 c:\windows\Tasks\User_Feed_Synchronization-{CB794B10-EA7E-41C0-8BC5-B58A21901C34}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - /105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
    FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\xhadvr10.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\Security\avg\Firefox\components\avgssff.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\Security\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\Julie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npExentCtl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-24 20:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(572)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2010-05-24 20:08:45
    ComboFix-quarantined-files.txt 2010-05-24 19:08
    ComboFix2.txt 2010-05-24 17:39

    Pre-Run: 39,807,184,896 bytes free
    Post-Run: 39,793,197,056 bytes free

    - - End Of File - - 3A200F4E772757F935003696BD7A01F8
    Upload was successful
     
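Added note, not part of the thread: when working through a ComboFix log like the one above, the quickest first pass over the Run-key entries and the R1/R2/S2/S3 service lines is mechanical. Three things stand out to a reviewer: entries whose file ComboFix could not read (the `--> path [?]` form, as with LMIInfo and PAC207 above), entries launched from user-writable paths (Documents and Settings, Temp, Application Data), and entries outside Program Files or the Windows directory. The script below is an example written for this thread, not ComboFix's own tooling. It parses those two line formats and flags entries for manual review. The sample input is constructed: the first four lines are copied from the posted log, while `Example` and `ExampleDrv` are hypothetical entries added only to exercise the flagging rules.

```python
import re
from dataclasses import dataclass, field

# Run-key line, e.g.  "AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')

# Service/driver line, e.g.  R1 AvgTdiX;AVG Free8 Network Redirector;c:\...\avgtdix.sys [12/07/2008 2:13 PM 108552]
# or, when ComboFix could not read the file:  S2 LMIInfo;...;\??\c:\...\RaInfo.sys --> c:\...\RaInfo.sys [?]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]$'
)

# Locations treated as "expected" for XP-era software; everything else is worth a look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
# Paths a limited user (or malware running as one) can write to.
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")

# Constructed sample (first four lines verbatim from the log; last two hypothetical).
SAMPLE_LINES = r'''
    "AVG8_TRAY"="c:\progra~1\Security\avg\avgtray.exe" [2010-03-18 2046816]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-09-30 600008]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/07/2008 2:13 PM 108552]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    "Example"="c:\documents and settings\Julie\Local Settings\Temp\example.exe" [2010-05-20 45056]
    R2 ExampleDrv;ExampleDrv;c:\windows\system32\drivers\exampledrv.sys --> c:\windows\system32\drivers\exampledrv.sys [?]
'''


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    path: str            # normalised, lower-case path ComboFix reported
    meta: str            # text inside the trailing [...]; "?" means unreadable file
    flags: list = field(default_factory=list)


def normalise(path):
    """Lower-case the path and strip the NT object-manager prefix (\\??\\)."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def parse_line(line):
    """Return an Entry for a Run-key or service line, or None for anything else."""
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], normalise(m["path"]), m["meta"])
    m = SVC_RE.match(line)
    if m:
        # Prefer the resolved path ComboFix printed after "-->" when present.
        return Entry("service", m["name"], normalise(m["resolved"] or m["path"]), m["meta"])
    return None


def classify(entry):
    """Attach review flags to an Entry based on where and whether its file exists."""
    if entry.meta.strip() == "?":
        entry.flags.append("unverified: ComboFix could not read the file ([?])")
    if any(marker in entry.path for marker in USER_WRITABLE):
        entry.flags.append("user-writable location")
    elif not entry.path.startswith(TRUSTED_ROOTS):
        entry.flags.append("outside Program Files / Windows")
    return entry


def triage(text):
    """Parse every recognisable line in a ComboFix excerpt and classify it."""
    entries = (parse_line(line.strip()) for line in text.splitlines())
    return [classify(e) for e in entries if e is not None]


def suspicious(text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LINES):
        print(f"{e.kind:7} {e.name:12} {e.path}  <- {'; '.join(e.flags)}")
```

A flag is a prompt to check the file (signature, hash, vendor), not a verdict: Dropbox legitimately runs from Application Data and would be flagged here, and 8.3 short names such as `progra~1` are only matched literally. The `[?]` entries are the ones to chase first, because a driver whose file ComboFix cannot read while the service is still registered is exactly what a hidden or locked component looks like.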
Short URL to this thread: https://techguy.org/924393