Full Version: System infected with Proof Defender (Reopened)
Annalie
My system has been infected with Proof Defender which corrupts my MS Outlook setup. Because I am running Windows XP SP1 I am unable to run an Ad-Aware scan. Here are the logs from HijackThis - could you please help me to get rid of Proof Defender so that I can upgrade to SP2 and SP3?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:22 PM, on 2009/09/22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4EEC7DC-3402-4F75-83AC-43EA187F7BD4}: NameServer = 196.43.34.190,196.43.46.190
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McShield - Unknown owner - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (file missing)

--
End of file - 7886 bytes
Rorschach112
hi

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program
  3. Click "Continue"
  4. Ensure that the "Windows" tab is selected (it should be by default).
  5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report back here in your next reply.
Annalie
Hi!

I have run MGADiag - herewith the log.

Many thanks!



Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-2D4Y9-BJG7V-KQKQ8
Windows Product Key Hash: ZNSPC9sVAAQiXBRkS6LK21S214Q=
Windows Product ID: 55277-OEM-2154547-27043
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.1.0.hom
ID: {414647C3-8F23-4D9A-8E00-1827348677D5}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.3.265.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{414647C3-8F23-4D9A-8E00-1827348677D5}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KQKQ8</PKey><PID>55277-OEM-2154547-27043</PID><PIDType>3</PIDType><SID>S-1-5-21-1801674531-1770027372-725345543</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="3"/><Date>20031107******.******+***</Date></BIOS><HWID>D5A0395F0184A05F</HWID><UserLCID>1C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>South Africa Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>4F5B3949D3B6770</Val><Hash>1Dr3ZWs0J0RNsARR6wmiI7is3Eo=</Hash><Pid>70145-OEM-5795207-75747</Pid><PidType>5</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Rorschach112
hi

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.



Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Annalie
Herewith the report from the scan by Rooter.
*******

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 1
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 1060
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 6.0.2800.1106
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:76 Go - Free:31 Go )
D:\ [CD_Rom]
.
Scan : 22:52.04
Path : C:\Program Files\Lavasoft\Rooter.exe
User : Annalie ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (772)
______ \??\C:\WINDOWS\system32\csrss.exe (820)
______ \??\C:\WINDOWS\system32\winlogon.exe (844)
______ C:\WINDOWS\system32\services.exe (888)
______ C:\WINDOWS\system32\lsass.exe (900)
______ C:\WINDOWS\System32\Ati2evxx.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1076)
______ C:\WINDOWS\System32\svchost.exe (1204)
______ C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1232)
______ C:\WINDOWS\System32\svchost.exe (1588)
______ C:\WINDOWS\System32\svchost.exe (1620)
______ C:\WINDOWS\system32\spoolsv.exe (1808)
______ C:\WINDOWS\System32\alg.exe (448)
______ C:\Program Files\Java\jre6\bin\jqs.exe (496)
______ C:\WINDOWS\System32\svchost.exe (672)
______ C:\WINDOWS\system32\Ati2evxx.exe (172)
______ C:\WINDOWS\Explorer.EXE (336)
______ C:\WINDOWS\SOUNDMAN.EXE (1600)
______ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (600)
______ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (620)
______ C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (824)
______ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (1644)
______ C:\WINDOWS\System32\BtUsrBdg.exe (752)
______ C:\Program Files\QuickTime\qttask.exe (1776)
______ C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (484)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1748)
______ C:\WINDOWS\System32\wuauclt.exe (1464)
______ C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE (1512)
______ C:\WINDOWS\System32\ctfmon.exe (2076)
______ C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (2112)
______ C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe (2176)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2268)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (2328)
______ C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (2392)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3408)
______ C:\Program Files\Lavasoft\Rooter.exe (3948)
Hidden C:\Documents and Settings\Annalie\Application Data\Gmail\exiap6415386.exe (1976)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:82335020544)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:52.23
.
C:\Rooter$\Rooter_1.txt - (24/09/2009 | 22:52.23)



********




Herewith the report from CKScanner.


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----




Thanks for your help!
Rorschach112
Why haven't you updated to Service Pack 2?

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

    :Services

    :Reg

    :Files
    C:\WINDOWS\Tasks\At*.job

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Annalie
Hi!

Pure slackness, really, not installing SP2. Was warned not to do this until I have sorted out the current problem.
Herewith the log from running OTM.

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At30.job moved successfully.
C:\WINDOWS\Tasks\At31.job moved successfully.
C:\WINDOWS\Tasks\At32.job moved successfully.
C:\WINDOWS\Tasks\At33.job moved successfully.
C:\WINDOWS\Tasks\At34.job moved successfully.
C:\WINDOWS\Tasks\At35.job moved successfully.
C:\WINDOWS\Tasks\At36.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At43.job moved successfully.
C:\WINDOWS\Tasks\At44.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Annalie
->Temp folder emptied: 314714816 bytes
->Temporary Internet Files folder emptied: 62286947 bytes
->Java cache emptied: 56157187 bytes
->FireFox cache emptied: 113839428 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest 2009
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Katy

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthew

User: McAfeeMVSUser
->Temp folder emptied: 20515434 bytes
->Temporary Internet Files folder emptied: 1292023 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Peter

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\LastGood.Tmp\System32\DRIVERS folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\System32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
%systemroot% .tmp files removed: 1234658 bytes
%systemroot%\System32 .tmp files removed: 1107985 bytes
Windows Temp folder emptied: 28047142 bytes
RecycleBin emptied: 12636284 bytes

Total Files Cleaned = 583.65 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09252009_104647

Files moved on Reboot...

Registry entries deleted on Reboot...
Rorschach112
hi
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %systemroot%\system32\oobe\AntiWPA_Crypt.dll
    %TEMP%\antiwpa_crypt.dll
    %TEMP%\antiwpa.dll /s
    %PROGRAMFILES%\antiwpa.dll /s
    %systemroot%\system32\crypt.dll
    %TEMP%\crypt.dll
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %systemroot%\system32\drivers\*.dat
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.exe
    %DESKTOP%\*.exe
    %USERNAME%\*.exe
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.exe
    %SYSTEMDRIVE%\*.exe
    %SYSTEMROOT%\*.exe
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system\*.exe
    %systemroot%\AppPatch\*.exe
    %systemroot%\Cache\*.exe
    %systemroot%\Downloaded Program Files\*.exe
    %systemroot%\Fonts\*.exe
    %systemroot%\Help\*.exe
    %APPDATA%\*.exe
    %APPDATA%\Google\*.exe
    %systemroot%\system32\inf\*.exe
    %APPDATA%\Opera\Opera\profile\widgets\*.exe
    %PROGRAMFILES%\Opera\program\plugins\*.exe
    %APPDATA%\Opera\Opera\profile\toolbar\*.exe
    %systemroot%\Web\*.exe
    %systemroot%\Wbem\*.exe
    %systemroot%\twain_32\*.exe
    %systemroot%\WinSxS\*.exe
    %systemroot%\Sun\*.exe
    %systemroot%\srchasst\*.exe
    %systemroot%\Shellnew\*.exe
    %systemroot%\Security\*.exe
    %systemroot%\Resources\*.exe
    %systemroot%\Repair\*.exe
    %systemroot%\Registration\*.exe
    %systemroot%\RegisteredPackages\*.exe
    %systemroot%\pss\*.exe
    %systemroot%\Provisioning\*.exe
    %systemroot%\PIF\*.exe
    %systemroot%\PeerNet\*.exe
    %systemroot%\PcTel\*.exe
    %systemroot%\Offline Web Pages\*.exe
    %systemroot%\network diagnostic\*.exe
    %systemroot%\mui\*.exe
    %systemroot%\msapps\*.exe
    %systemroot%\msagent\*.exe
    %systemroot%\minidump\*.exe
    %systemroot%\media\*.exe
    %systemroot%\Help\*.exe
    %systemroot%\ie7\*.exe
    %systemroot%\ie7updates\*.exe
    %systemroot%\ime\*.exe
    %systemroot%\installer\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\Cursors\*.exe
    %systemroot%\Config\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\Assembly\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\AppPatch\*.exe
    %systemroot%\l2schemas\*.exe
    %systemroot%\Debug\*.exe
    %systemroot%\ehome\*.exe
    %systemroot%\Connection Wizard\*.exe
    %systemroot%\system32\1025\*.exe
    %systemroot%\system32\1028\*.exe
    %systemroot%\system32\1031\*.exe
    %systemroot%\system32\1033\*.exe
    %systemroot%\system32\1037\*.exe
    %systemroot%\system32\1041\*.exe
    %systemroot%\system32\1042\*.exe
    %systemroot%\system32\1054\*.exe
    %systemroot%\system32\2052\*.exe
    %systemroot%\system32\3076\*.exe
    %systemroot%\system32\appmgmt\*.exe
    %systemroot%\system32\bits\*.exe
    %systemroot%\system32\catroot\*.exe
    %systemroot%\system32\catroot2\*.exe
    %systemroot%\system32\com\*.exe
    %systemroot%\system32\config\*.exe
    %systemroot%\system32\dhcp\*.exe
    %systemroot%\system32\DirectX\*.exe
    %systemroot%\system32\drvstore\*.exe
    %systemroot%\system32\en\*.exe
    %systemroot%\system32\en-us\*.exe
    %systemroot%\system32\export\*.exe
    %systemroot%\system32\GroupPolicy\*.exe
    %systemroot%\system32\ias\*.exe
    %systemroot%\system32\icsxml\*.exe
    %systemroot%\system32\ime\*.exe
    %systemroot%\system32\inetsrv\*.exe
    %systemroot%\system32\LogFiles\*.exe
    %systemroot%\system32\Macromed\*.exe
    %systemroot%\system32\Microsoft\*.exe
    %systemroot%\system32\Msdtc\*.exe
    %systemroot%\system32\Mui\*.exe
    %systemroot%\system32\npp\*.exe
    %systemroot%\system32\NtMsData\*.exe
    %systemroot%\system32\oobe\*.exe
    %systemroot%\system32\PreInstall\*.exe
    %systemroot%\system32\ras\*.exe
    %systemroot%\system32\ReInstallBackups\*.exe
    %systemroot%\system32\Restore\*.exe
    %systemroot%\system32\Scripting\*.exe
    %systemroot%\system32\Setup\*.exe
    %systemroot%\system32\ShellExt\*.exe
    %systemroot%\system32\SoftwareDistribution\*.exe
    %systemroot%\system32\URTTEmp\*.exe
    %systemroot%\system32\USMT\*.exe
    %systemroot%\system32\Wbem\*.exe
    %systemroot%\system32\Wins\*.exe
    %systemroot%\system32\Xircom\*.exe
    %systemroot%\system32\XPSViewer\*.exe
    %COMMONPROGRAMFILES%\*.exe
    %APPDATA%\*.*
    %TEMP%\*.*
    set /c

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
Annalie
Hi!

Herewith the results from OTL.Txt.


***********************


OTL logfile created on: 2009/09/25 06:10:13 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Annalie\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

511.48 Mb Total Physical Memory | 262.99 Mb Available Physical Memory | 51.42% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 32.34 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-STUDY
Current User Name: Annalie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
PRC - C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Annalie\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EngineServer [Auto | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McShield [On_Demand | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (basic2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\drivers\BsStor.sys (B.H.A Co.,Ltd.)
DRV - (BtAudio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btaudio.sys (Broadcom Corporation.)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Btcomm.sys (Extended Systems Inc.)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys (Extended Systems, Inc.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (EIO [Auto | Running]) -- C:\WINDOWS\System32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (hsf_msft [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Lbd [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MASPINT [Auto | Running]) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (MfeAVFK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (MfeBOPK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeRKDK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Ndisusb [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\genelan.sys (Genesys Logic)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Rksample [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisidex [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (sisperf [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_V124.sys (Conexant)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/12 10:56:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/21 12:34:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/13 12:24:36 | 00,000,000 | ---D | M]

[2008/09/06 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Extensions
[2008/09/06 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/02/13 12:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Firefox\Profiles\k8wjhlrg.default\extensions
[2009/09/25 17:32:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 12:24:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/08 13:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/18 21:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/12 10:57:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/30 11:49:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/13 12:24:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 12:24:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/13 12:24:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/12/29 13:55:51 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/19 16:57:43 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/19 16:57:43 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/19 16:57:43 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/19 16:57:43 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/19 16:57:43 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/19 16:57:43 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/19 16:57:43 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/19 16:57:43 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (326171 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11162 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BTUSRBDG] C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: rmbprivatebank.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/hamsterball/raptisoftgameloader.cab (Reg Error: Key error.)
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/30 19:05:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 8
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {967B098A-042D-4367-BAC9-8BC11684174F} - Security Update for Microsoft .NET Framework 2.0 (KB917283)
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/09/25 18:06:38 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTL.exe
[2009/09/25 10:46:47 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/09/25 10:45:17 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTM.exe
[2009/09/24 22:58:42 | 00,440,832 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\CKScanner.exe
[2009/09/24 22:52:23 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/23 23:25:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/09/21 23:26:39 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/09/21 23:13:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\HijackThis.lnk
[2009/09/21 23:13:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/21 23:12:27 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2009/09/21 23:06:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/21 23:06:42 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/20 22:37:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/20 22:33:36 | 00,000,000 | ---D | C] -- C:\Program Files\erunt
[2009/09/20 22:32:58 | 00,513,320 | ---- | C] () -- C:\Program Files\erunt.zip
[2009/09/20 20:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\SysRestorePoint
[2009/09/17 08:35:21 | 02,201,600 | ---- | C] () -- C:\Documents and Settings\Annalie\My Documents\Katys Photo competition.ppt
[2009/09/17 08:10:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/09/17 08:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/09/08 12:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Annalie\Application Data\Uniblue
[2009/09/07 11:28:39 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/07 11:19:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/04 22:58:00 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/04 22:58:00 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif
[2009/09/04 22:58:00 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/03 22:24:26 | 04,958,032 | ---- | C] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe
[2009/09/03 17:26:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Annalie\Application Data\Gmail
[2009/08/29 11:34:27 | 01,015,392 | ---- | C] (Nokia) -- C:\Documents and Settings\Annalie\Desktop\SetupNokiaMusic.exe
[2009/08/27 10:27:16 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\Spybot - Search & Destroy.lnk
[2008/09/26 09:15:24 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/09 18:44:33 | 00,000,173 | ---- | C] () -- C:\WINDOWS\SOFTPEG.INI
[2007/12/29 13:56:13 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/29 13:56:13 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/08/02 11:06:37 | 00,020,247 | ---- | C] () -- C:\WINDOWS\msettings.ini
[2007/07/14 16:18:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Gamchest.INI
[2007/07/13 10:23:24 | 00,000,074 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/06/17 14:36:41 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/17 10:06:12 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/06/16 19:12:00 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.dll
[2006/05/01 10:09:56 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/01/10 19:33:17 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/05 22:46:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/08/19 18:45:22 | 00,000,419 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/24 15:26:45 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/12/24 15:26:45 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/09/01 10:13:28 | 00,000,172 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/08/30 20:50:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/30 20:35:31 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/08/30 20:35:31 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2004/08/30 20:14:40 | 00,001,589 | ---- | C] () -- C:\WINDOWS\System32\drivers\glexport.sys
[2004/08/30 20:01:02 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/30 20:01:01 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/30 19:55:57 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/12/02 15:55:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/03/31 14:00:00 | 00,001,671 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/06/14 02:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/09/25 18:06:45 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTL.exe
[2009/09/25 17:48:44 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\Word.lnk
[2009/09/25 10:49:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/25 10:49:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/25 10:49:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 10:49:40 | 00,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/25 10:45:20 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTM.exe
[2009/09/25 10:34:49 | 00,471,446 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/25 10:34:49 | 00,403,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/25 10:34:49 | 00,063,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/25 10:33:43 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/09/25 10:32:51 | 00,001,671 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/24 22:58:31 | 00,440,832 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\CKScanner.exe
[2009/09/24 10:41:06 | 00,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 12:02:29 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/22 22:37:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\HijackThis.lnk
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2009/09/21 23:06:42 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/20 22:33:01 | 00,513,320 | ---- | M] () -- C:\Program Files\erunt.zip
[2009/09/20 20:45:53 | 00,085,392 | ---- | M] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/18 17:11:33 | 21,031,280 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\aaw2007.exe
[2009/09/17 21:23:13 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/17 21:23:13 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif
[2009/09/17 21:23:13 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/17 08:35:21 | 02,201,600 | ---- | M] () -- C:\Documents and Settings\Annalie\My Documents\Katys Photo competition.ppt
[2009/09/07 22:03:09 | 04,958,032 | ---- | M] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe
[2009/09/07 11:27:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/07 11:21:38 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/29 11:34:42 | 01,015,392 | ---- | M] (Nokia) -- C:\Documents and Settings\Annalie\Desktop\SetupNokiaMusic.exe
[2009/08/27 11:12:32 | 00,326,171 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/27 10:27:16 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\Spybot - Search & Destroy.lnk

========== LOP Check ==========

[2009/09/23 23:25:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/04 12:09:23 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/09/21 23:06:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2006/01/24 07:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2006/06/17 14:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2005/02/08 17:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2004/09/02 15:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/09/08 12:10:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Annalie\Application Data
[2009/07/02 19:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Ahead
[2005/01/27 08:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Cyberlink
[2007/11/07 15:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Datalayer
[2009/09/07 12:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Gmail
[2004/08/30 20:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\InterTrust
[2007/01/11 10:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\MSN6
[2008/05/02 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\NetMedia Providers
[2007/11/05 20:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Nokia
[2007/06/05 08:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Nokia Multimedia Player
[2006/06/16 18:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\PC Suite
[2008/05/02 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Publish Providers
[2005/08/14 18:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Raptisoft
[2007/07/21 12:57:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Annalie\Application Data\SecuROM
[2009/03/02 09:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Sibelius Software
[2008/05/02 18:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Sony
[2009/08/10 14:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\U3
[2009/09/08 12:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Uniblue
[2006/06/16 19:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\XTND_BTUIObjects
[2003/03/31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/25 10:49:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/09/25 18:06:45 | 00,000,000 | ---D | M] -- C:
[2009/09/25 10:46:47 | 00,000,000 | ---D | M] -- C:\_OTM
[2009/09/07 11:28:39 | 00,000,000 | ---D | M] -- C:\Avenger
[2008/01/18 17:14:50 | 00,000,000 | ---D | M] -- C:\btinbox
[2009/07/05 22:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2006/05/01 10:09:56 | 00,000,000 | ---D | M] -- C:\Drivers
[2004/08/30 20:46:53 | 00,000,000 | RH-D | M] -- C:\MSOCache
[2006/05/01 10:45:18 | 00,000,000 | ---D | M] -- C:\MWASPI
[2009/07/15 19:48:59 | 00,000,000 | ---D | M] -- C:\NVIDIA
[2005/08/19 09:04:47 | 00,000,000 | ---D | M] -- C:\ppwork
[2009/09/21 23:13:18 | 00,000,000 | R--D | M] -- C:\Program Files
[2007/07/14 21:14:33 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/09/24 22:52:23 | 00,000,000 | ---D | M] -- C:\Rooter$
[2004/08/30 19:15:40 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/25 10:50:53 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2007/10/14 19:21:08 | 00,000,000 | ---- | M] () -- C:\AILog.txt
[2004/08/30 19:05:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/07 11:28:39 | 00,002,418 | ---- | M] () -- C:\avenger.txt
[2007/06/06 12:46:48 | 00,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2004/08/30 18:59:13 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2003/08/14 06:27:02 | 00,000,509 | ---- | M] () -- C:\BsCLiP.iss
[2004/08/30 20:35:51 | 00,000,032 | ---- | M] () -- C:\BsGold.log
[2004/08/30 19:05:31 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/13 21:20:24 | 00,000,166 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/30 19:05:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/27 10:59:18 | 00,000,172 | -H-- | M] () -- C:\IPH.PH
[2004/08/30 19:05:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/03/31 14:00:00 | 00,047,580 | RHS- | M] () -- C:\NTDETECT.COM
[2003/03/31 14:00:00 | 00,233,632 | RHS- | M] () -- C:\ntldr
[2009/09/25 10:49:39 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/09/21 23:13:18 | 00,000,000 | R--D | M] -- C:\Program Files
[2008/06/26 11:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/25 17:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\Ahead
[2004/08/30 20:41:27 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2004/08/30 20:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\AvRack
[2005/12/17 15:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\B's Recorder GOLD7
[2006/06/17 14:32:33 | 00,000,000 | ---D | M] -- C:\Program Files\Buena Vista Games
[2009/04/22 12:14:54 | 00,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2006/01/28 19:02:40 | 00,000,000 | ---D | M] -- C:\Program Files\Code 27
[2009/09/17 08:09:17 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/30 19:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/08/30 20:33:21 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/02/08 17:20:59 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2007/04/27 15:54:14 | 00,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2007/10/14 14:13:02 | 00,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2007/07/14 16:21:09 | 00,000,000 | ---D | M] -- C:\Program Files\eGames
[2007/07/21 12:52:44 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/09/20 22:33:36 | 00,000,000 | ---D | M] -- C:\Program Files\erunt
[2008/03/03 12:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\Experimental uninstall Sibelius Software
[2006/06/16 19:27:35 | 00,000,000 | ---D | M] -- C:\Program Files\Extended Systems
[2006/06/24 11:48:55 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2007/12/29 13:44:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/30 15:07:26 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/30 11:49:24 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/24 22:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/01/15 20:44:23 | 00,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2006/01/08 12:20:14 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2008/03/18 17:06:18 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/17 08:10:08 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/18 17:03:46 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2004/08/30 19:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/10/14 16:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/23 12:53:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Home Publishing 2000
[2004/08/30 20:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/08/30 20:49:49 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/09/07 11:21:38 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/09/25 18:08:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2005/12/17 23:02:47 | 00,000,000 | ---D | M] -- C:\Program Files\MSI
[2004/08/30 19:02:07 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/30 19:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/08/06 12:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\Neopsalmist
[2004/08/30 19:03:23 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/16 18:43:26 | 00,000,000 | ---D | M] -- C:\Program Files\Nokia
[2004/08/30 19:04:27 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/03/18 17:06:31 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/12/24 15:23:17 | 00,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2007/12/29 13:56:07 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/08/30 20:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2009/03/02 08:59:23 | 00,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2008/05/02 18:11:35 | 00,000,000 | ---D | M] -- C:\Program Files\Sony
[2004/12/24 15:22:35 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2008/05/02 18:11:11 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/09/21 22:56:51 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/04/27 10:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\Surreal
[2009/09/20 20:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\SysRestorePoint
[2006/06/17 09:46:29 | 00,000,000 | ---D | M] -- C:\Program Files\The Creative Assembly
[2009/09/21 23:13:18 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/12/29 13:56:11 | 00,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2004/08/30 19:16:40 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/18 16:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2008/10/25 22:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2004/08/30 19:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/09/01 08:48:17 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/30 19:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %systemroot%\system32\drivers\*.dat >

< %PROGRAMFILES%\*.* >
[2009/09/20 22:33:01 | 00,513,320 | ---- | M] () -- C:\Program Files\erunt.zip
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2003/12/19 20:36:56 | 00,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

< %PROGRAMFILES%\*.exe >
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2003/12/19 20:36:56 | 00,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

Invalid Environment Variable: DESKTOP

< %USERNAME%\*.exe >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMROOT%\*.exe >
[2003/11/21 10:56:36 | 00,139,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2003/11/21 10:58:34 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2003/03/31 14:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2005/05/26 00:44:31 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[1998/10/29 17:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2006/01/28 19:01:15 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2003/03/31 14:00:00 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[1999/04/02 16:37:00 | 00,033,792 | R--- | M] (Electronic Arts) -- C:\WINDOWS\NPSExec.exe
[2003/03/31 14:00:00 | 00,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2003/02/28 18:26:30 | 00,046,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2003/12/19 11:53:18 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2003/03/31 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2003/03/31 14:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2003/03/31 14:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[1997/05/12 17:53:00 | 00,314,368 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\uninst.exe
[2005/04/20 13:32:57 | 02,916,352 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe
[2005/02/08 14:12:22 | 02,670,592 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNMP.exe
[1999/11/10 11:05:00 | 00,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2003/03/31 14:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2003/03/31 14:00:00 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\Cache\*.exe >

< %systemroot%\Downloaded Program Files\*.exe >

< %systemroot%\Fonts\*.exe >

< %systemroot%\Help\*.exe >

< %APPDATA%\*.exe >
[2009/09/07 22:03:09 | 04,958,032 | ---- | M] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe

< %APPDATA%\Google\*.exe >

< %systemroot%\system32\inf\*.exe >

< %APPDATA%\Opera\Opera\profile\widgets\*.exe >

< %PROGRAMFILES%\Opera\program\plugins\*.exe >

< %APPDATA%\Opera\Opera\profile\toolbar\*.exe >

< %systemroot%\Web\*.exe >

< %systemroot%\Wbem\*.exe >

< %systemroot%\twain_32\*.exe >

< %systemroot%\WinSxS\*.exe >

< %systemroot%\Sun\*.exe >

< %systemroot%\srchasst\*.exe >

< %systemroot%\Shellnew\*.exe >

< %systemroot%\Security\*.exe >

< %systemroot%\Resources\*.exe >

< %systemroot%\Repair\*.exe >

< %systemroot%\Registration\*.exe >

< %systemroot%\RegisteredPackages\*.exe >

< %systemroot%\pss\*.exe >

< %systemroot%\Provisioning\*.exe >

< %systemroot%\PIF\*.exe >

< %systemroot%\PeerNet\*.exe >

< %systemroot%\PcTel\*.exe >

< %systemroot%\Offline Web Pages\*.exe >

< %systemroot%\network diagnostic\*.exe >

< %systemroot%\mui\*.exe >

< %systemroot%\msapps\*.exe >

< %systemroot%\msagent\*.exe >
[2003/03/31 14:00:00 | 00,235,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\msagent\agentsvr.exe

< %systemroot%\minidump\*.exe >

< %systemroot%\media\*.exe >

< %systemroot%\Help\*.exe >

< %systemroot%\ie7\*.exe >

< %systemroot%\ie7updates\*.exe >

< %systemroot%\ime\*.exe >

< %systemroot%\installer\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Cursors\*.exe >

< %systemroot%\Config\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Assembly\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\l2schemas\*.exe >

< %systemroot%\Debug\*.exe >

< %systemroot%\ehome\*.exe >

< %systemroot%\Connection Wizard\*.exe >

< %systemroot%\system32\1025\*.exe >

< %systemroot%\system32\1028\*.exe >

< %systemroot%\system32\1031\*.exe >

< %systemroot%\system32\1033\*.exe >

< %systemroot%\system32\1037\*.exe >

< %systemroot%\system32\1041\*.exe >

< %systemroot%\system32\1042\*.exe >

< %systemroot%\system32\1054\*.exe >

< %systemroot%\system32\2052\*.exe >

< %systemroot%\system32\3076\*.exe >

< %systemroot%\system32\appmgmt\*.exe >

< %systemroot%\system32\bits\*.exe >

< %systemroot%\system32\catroot\*.exe >

< %systemroot%\system32\catroot2\*.exe >

< %systemroot%\system32\com\*.exe >
[2003/03/31 14:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrepl.exe
[2003/03/31 14:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrereg.exe

< %systemroot%\system32\config\*.exe >

< %systemroot%\system32\dhcp\*.exe >

< %systemroot%\system32\DirectX\*.exe >

< %systemroot%\system32\drvstore\*.exe >

< %systemroot%\system32\en\*.exe >

< %systemroot%\system32\en-us\*.exe >

< %systemroot%\system32\export\*.exe >

< %systemroot%\system32\GroupPolicy\*.exe >

< %systemroot%\system32\ias\*.exe >

< %systemroot%\system32\icsxml\*.exe >

< %systemroot%\system32\ime\*.exe >

< %systemroot%\system32\inetsrv\*.exe >

< %systemroot%\system32\LogFiles\*.exe >

< %systemroot%\system32\Macromed\*.exe >

< %systemroot%\system32\Microsoft\*.exe >

< %systemroot%\system32\Msdtc\*.exe >

< %systemroot%\system32\Mui\*.exe >

< %systemroot%\system32\npp\*.exe >
[2003/03/31 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\npp\nppagent.exe

< %systemroot%\system32\NtMsData\*.exe >

< %systemroot%\system32\oobe\*.exe >
[2003/03/31 14:00:00 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\msoobe.exe
[2003/03/31 14:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\oobebaln.exe

< %systemroot%\system32\PreInstall\*.exe >

< %systemroot%\system32\ras\*.exe >

< %systemroot%\system32\ReInstallBackups\*.exe >

< %systemroot%\system32\Restore\*.exe >
[2003/03/31 14:00:00 | 00,370,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\rstrui.exe
[2003/03/31 14:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\srdiag.exe

< %systemroot%\system32\Scripting\*.exe >

< %systemroot%\system32\Setup\*.exe >

< %systemroot%\system32\ShellExt\*.exe >

< %systemroot%\system32\SoftwareDistribution\*.exe >

< %systemroot%\system32\URTTEmp\*.exe >
[2003/02/21 05:16:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\URTTEmp\regtlib.exe

< %systemroot%\system32\USMT\*.exe >
[2003/03/31 14:00:00 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migload.exe
[2003/03/31 14:00:00 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiz.exe
[2003/03/31 14:00:00 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiz_a.exe

< %systemroot%\system32\Wbem\*.exe >
[2003/03/31 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\mofcomp.exe
[2003/03/31 14:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\scrcons.exe
[2003/03/31 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\unsecapp.exe
[2003/03/31 14:00:00 | 00,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wbemtest.exe
[2003/03/31 14:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\winmgmt.exe
[2003/03/31 14:00:00 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiadap.exe
[2003/03/31 14:00:00 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiapsrv.exe
[2003/03/31 14:00:00 | 00,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiprvse.exe

< %systemroot%\system32\Wins\*.exe >

< %systemroot%\system32\Xircom\*.exe >

< %systemroot%\system32\XPSViewer\*.exe >

< %COMMONPROGRAMFILES%\*.exe >

< %APPDATA%\*.* >
[2008/09/25 11:56:05 | 00,038,434 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\Comma Separated Values (Windows).ADR
[2004/08/30 20:51:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Annalie\Application Data\desktop.ini
[2009/09/07 22:03:09 | 04,958,032 | ---- | M] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe
[2008/09/25 11:47:09 | 00,038,432 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\Tab Separated Values (Windows).ADR
[2009/09/17 21:23:13 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/17 21:23:13 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/17 21:23:13 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif

< %TEMP%\*.* >
[2009/09/25 16:41:35 | 00,000,291 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\java_install_reg.log
[2009/09/25 16:45:37 | 00,001,315 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\jusched.log
[1 C:\DOCUME~1\Annalie\LOCALS~1\Temp\*.tmp files]

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Annalie\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-STUDY
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Annalie
LOGONSERVER=\\HOME-STUDY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Annalie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Annalie\LOCALS~1\Temp
USERDOMAIN=HOME-STUDY
USERNAME=Annalie
USERPROFILE=C:\Documents and Settings\Annalie
windir=C:\WINDOWS

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Annalie\Desktop\aaw2007.exe:SummaryInformation
< End of report >
****************************

And herewith the output from Extras.Txt

*****************************

OTL Extras logfile created on: 2009/09/25 06:10:13 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Annalie\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

511.48 Mb Total Physical Memory | 262.99 Mb Available Physical Memory | 51.42% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 32.34 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-STUDY
Current User Name: Annalie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12383CA3-0733-4210-00B8-D83642F1192C}" = EA SPORTS™ Cricket 07
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID XPress 5.0a
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2727FBEF-3155-11D4-8F73-0050DA0F6297}" = The Sims Livin' Large
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}" = CSI
"{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0}" = Nokia Connectivity Cable Driver
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{57FA1C3F-CDBE-4092-9423-B83D66CD4978}" = The Chronicles of Narnia
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7FC8CFB6-0A09-486D-815B-AF6AEE43CB84}" = eGames Collector's Edition
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A0C65E65-5CF2-4C16-8023-950BA678FE15}" = XTNDConnect Blue Manager 2.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban™
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{f04aff5e-362e-11d3-81ab-00c04fb932ba}" = Microsoft Home Publishing 2000
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1}" = Nokia PC Suite
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adventures with Chickens" = Adventures with Chickens
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Bingo Special Edition" = Bingo Special Edition
"Castle Camelot" = Castle Camelot
"Code27_TCS" = Total Cricket Scorer
"Game Chest" = Game Chest
"Great Pyramid" = Great Pyramid
"Gumball Machine Special Edition" = Gumball Machine Special Edition
"Harry Potter Lumos" = Harry Potter Lumos Screen Saver
"HijackThis" = HijackThis 2.0.2
"Hospital" = Theme Hospital
"InfoView" = InfoView
"InstallShield_{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0}" = Nokia Connectivity Cable Driver
"InstallShield_{57FA1C3F-CDBE-4092-9423-B83D66CD4978}" = The Chronicles of Narnia
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1}" = Nokia PC Suite
"LucasArts' Monkey 4" = LucasArts' Monkey 4
"MahJongg Game of Four Winds SE" = MahJongg Game of Four Winds SE
"MahJongg Master Special Edition" = MahJongg Master Special Edition
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MWASPI" = MicroStaff WINASPI
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Play System (Patching)" = Network Play System (Patching)
"Node Jumper Special Edition" = Node Jumper Special Edition
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spooky Castle" = Spooky Castle
"Strata Poker" = Strata Poker
"Tropical Poker Special Edition" = Tropical Poker Special Edition
"USB PC to PC Driver" = USB PC to PC Driver
"Word Skramble" = Word Skramble
"Zulu Assault" = Zulu Assault

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009/09/22 04:23:28 PM | Computer Name = HOME-STUDY | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 2009/09/23 01:30:56 AM | Computer Name = HOME-STUDY | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009/09/23 05:52:32 AM | Computer Name = HOME-STUDY | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 2009/09/23 06:08:06 AM | Computer Name = HOME-STUDY | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009/09/23 05:20:24 PM | Computer Name = HOME-STUDY | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 2009/09/24 06:17:20 AM | Computer Name = HOME-STUDY | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009/09/24 04:48:35 PM | Computer Name = HOME-STUDY | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 2009/09/24 04:48:37 PM | Computer Name = HOME-STUDY | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009/09/25 04:34:35 AM | Computer Name = HOME-STUDY | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 2009/09/25 04:34:37 AM | Computer Name = HOME-STUDY | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 2009/09/24 05:00:00 PM | Computer Name = HOME-STUDY | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942402

Error - 2009/09/25 04:06:07 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Port Client Driver service failed to start due to the
following error: %%2

Error - 2009/09/25 04:06:07 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7000
Description = The EngineServer service failed to start due to the following error:
%%3

Error - 2009/09/25 04:06:07 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2009/09/25 04:46:48 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 2009/09/25 04:46:48 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2009/09/25 04:46:48 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2009/09/25 04:51:20 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Port Client Driver service failed to start due to the
following error: %%2

Error - 2009/09/25 04:51:20 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7000
Description = The EngineServer service failed to start due to the following error:
%%3

Error - 2009/09/25 04:51:20 AM | Computer Name = HOME-STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


******************

Many thanks!
Rorschach112
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [2009/09/04 22:58:00 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
    [2009/09/04 22:58:00 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif
    [2009/09/04 22:58:00 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Annalie
Hi!

I managed to get to the second bullet point of loading Malwarebytes' Anti-Malware - but for some reason the program fails to launch. Even when I run it from the download or the desktop icon, I merely get an egg-timer for a while and then nothing. I have not yet done anything about Kaspersky - thought I'd first sort out MBAM.

Many thanks!!
Rorschach112
try it in safe mode

if it fails go onto kaspersky
Annalie
Hi again!

I seem to be hitting problems. Firstly, unable to run MBAM in Safe Mode, then downloaded Kaspersky and have run it three times now - but although it shows infected items in the right hand window during the scan, the report disappears as soon as the scan is over - I never get the opportunity to save it. When I go into the "report" section on the right hand side, it is entirely blank. Any ideas?

Thanks
Rorschach112
hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Annalie
Hi!

I ran Combo-fix, and here are the log reports produced (they were not called Combo-Fix.txt but log.txt, so I hope these are the correct ones).

Thanks again!

***********************

ComboFix 09-09-29.04 - Annalie 2009/09/30 18:37.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.27.1033.18.511.222 [GMT 2:00]
Running from: c:\documents and settings\Annalie\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Annalie\Application Data\Gmail
c:\documents and settings\Annalie\Application Data\Gmail\exiap6415386.exe
c:\documents and settings\Annalie\Application Data\Gmail\Shell32.dll
c:\documents and settings\Annalie\Application Data\Gmail\shell32.dll
c:\windows\Installer\1082425.msi
c:\windows\Installer\56df4.msp
c:\windows\msettings.ini
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-25 22:20 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 22:20 . 2009-09-27 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 22:20 . 2009-09-10 12:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 22:04 . 2009-09-25 22:04 -------- d-----w- C:\_OTL
2009-09-25 08:46 . 2009-09-25 08:46 -------- d-----w- C:\_OTM
2009-09-24 20:52 . 2009-09-24 20:52 -------- d-----w- C:\Rooter$
2009-09-23 21:25 . 2009-09-23 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-21 21:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 21:13 . 2009-09-21 21:13 -------- d-----w- c:\program files\Trend Micro
2009-09-21 21:12 . 2009-09-21 21:13 812344 ----a-w- c:\program files\HJTInstall.exe
2009-09-21 21:06 . 2009-09-21 21:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\program files\erunt
2009-09-20 20:32 . 2009-09-20 20:33 513320 ----a-w- c:\program files\erunt.zip
2009-09-20 18:43 . 2009-09-20 18:45 -------- d-----w- c:\program files\SysRestorePoint
2009-09-17 06:10 . 2009-09-17 06:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 10:10 . 2009-09-08 10:10 -------- d-----w- c:\documents and settings\Annalie\Application Data\Uniblue
2009-09-07 09:19 . 2009-09-07 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 20:58 . 2008-05-13 13:37 -------- d-----w- c:\program files\Lavasoft
2009-09-23 10:53 . 2004-09-02 14:00 -------- d-----w- c:\program files\Microsoft Home Publishing 2000
2009-09-21 21:06 . 2008-05-13 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-21 20:56 . 2008-05-13 14:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 18:45 . 2004-09-01 17:28 85392 -c--a-w- c:\documents and settings\Annalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 15:03 . 2005-08-18 11:42 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-09-07 20:03 . 2009-09-03 20:24 4958032 ----a-w- c:\documents and settings\Annalie\Application Data\pdinstall.exe
2009-09-04 10:09 . 2009-05-06 07:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-27 09:10 . 2008-05-13 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 12:04 . 2009-08-10 12:03 -------- d-----w- c:\documents and settings\Annalie\Application Data\U3
2009-08-06 10:26 . 2009-08-06 10:24 -------- d-----w- c:\program files\Neopsalmist
2003-12-19 18:36 . 2004-08-30 18:33 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 860160]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-01 1953792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-15 335872]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 473928]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2008-05-15 820736]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-29 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2002-06-19 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-03-31 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-12-24 73728]

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004/08/30 08:36 PM 9344]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [2006/06/16 07:27 PM 54624]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [2006/06/16 07:27 PM 15908]
R3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [2004/08/30 08:14 PM 11328]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009/09/21 11:26 PM 64160]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S3 aa0cc2a1-f087-4a27-9cd8-c7fefae64e77;aa0cc2a1-f087-4a27-9cd8-c7fefae64e77;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.za/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: rmbprivatebank.com\www
Trusted Zone: //about.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {F4EEC7DC-3402-4F75-83AC-43EA187F7BD4} = 196.43.34.190,196.43.46.190
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Annalie\Application Data\Mozilla\Firefox\Profiles\k8wjhlrg.default\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe
HKLM-Run-realtekc - c:\documents and settings\Annalie\Application Data\Gmail\exiap6415386.exe
SafeBoot-Lavasoft Ad-Aware Service



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 18:42
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(896)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-09-30 18:45
ComboFix-quarantined-files.txt 2009-09-30 16:45

Pre-Run: 34,368,065,536 bytes free
Post-Run: 34,548,133,888 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

153 --- E O F --- 2008-11-03 10:10
Rorschach112
hi
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Repeat it for this file

c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll



Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes

    :Services
    aa0cc2a1-f087-4a27-9cd8-c7fefae64e77
    :Reg

    :Files
    d:\player
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Annalie
Hi again!

Herewith the results of the first scan (wscntfy.exe)




###############################################


VirSCAN.org Scanned Report :
Scanned time : 2009/09/30 22:36:41 (SAST)
Scanner results: All Scanners reported not find malware!
File Name : wscntfy.exe
File Size : 13824 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 49911dd39e023bb6c45e4e436cfbd297
SHA1 : ba51674e7049e2bace2e2753c2d61e95550fc7fc
Online report : http://virscan.org/report/75a4bd6e76ac88f8...ee5e5e2c5c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090930233123 2009-09-30 3.97 -
AhnLab V3 2009.10.01.00 2009.10.01 2009-10-01 0.96 -
AntiVir 8.2.1.27 7.1.6.59 2009-09-30 0.14 -
Antiy 2.0.18 20090930.2943538 2009-09-30 0.12 -
Arcavir 2009 200909301639 2009-09-30 0.03 -
Authentium 5.1.1 200909301043 2009-09-30 1.18 -
AVAST! 4.7.4 090929-0 2009-09-29 0.00 -
AVG 8.5.288 270.13.115/2405 2009-09-30 0.31 -
BitDefender 7.81008.4297153 7.27991 2009-10-01 3.67 -
CA (VET) 9.0.0.143 31.6.6769 2009-10-01 3.62 -
ClamAV 0.95.2 9855 2009-09-30 0.01 -
Comodo 3.11 2475 2009-09-30 0.69 -
CP Secure 1.3.0.5 2009.09.30 2009-09-30 0.04 -
Dr.Web 4.44.0.9170 2009.09.30 2009-09-30 5.43 -
F-Prot 4.4.4.56 20090930 2009-09-30 1.17 -
F-Secure 7.02.73807 2009.09.30.09 2009-09-30 0.15 -
Fortinet 2.81-3.120 10.892 2009-09-30 0.24 -
GData 19.8151/19.494 20090930 2009-09-30 4.99 -
ViRobot 20090930 2009.09.30 2009-09-30 0.43 -
Ikarus T3.1.01.72 2009.09.30.73841 2009-09-30 4.08 -
JiangMin 11.0.800 2009.09.26 2009-09-26 3.85 -
Kaspersky 5.5.10 2009.09.30 2009-09-30 0.06 -
KingSoft 2009.2.5.15 2009.9.30.21 2009-09-30 0.49 -
McAfee 5.3.00 5757 2009-09-30 3.27 -
Microsoft 1.5101 2009.09.30 2009-09-30 5.55 -
Norman 6.01.09 6.01.00 2009-09-16 1.82 -
Panda 9.05.01 2009.09.30 2009-09-30 1.65 -
Trend Micro 8.700-1004 6.492.02 2009-09-30 0.03 -
Quick Heal 10.00 2009.09.30 2009-09-30 1.15 -
Rising 20.0 21.49.22.00 2009-09-30 0.80 -
Sophos 2.90.1 4.45 2009-10-01 3.46 -
Sunbelt 5423 5423 2009-09-30 1.53 -
Symantec 1.3.0.24 20090930.002 2009-09-30 0.05 -
nProtect 20090930.01 5690625 2009-09-30 7.34 -
The Hacker 6.5.0.2 v00023 2009-09-30 0.70 -
VBA32 3.12.10.11 20090930.1230 2009-09-30 1.98 -
VirusBuster 4.5.11.10 10.112.54/1925539 2009-09-30 2.34 -




#############################################


and herewith the results from the second scan (xmlprov.dll)


##############################################






VirSCAN.org Scanned Report :
Scanned time : 2009/09/30 22:44:36 (SAST)
Scanner results: All Scanners reported not find malware!
File Name : xmlprov.dll
File Size : 129536 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : eef46dab68229a14da3d8e73c99e2959
SHA1 : 82de19bf2a5c673f28e6c135fb2f1e7e8b4e3319
Online report : http://virscan.org/report/cbc6cb7727ac525c...2d45d05010.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090930233123 2009-09-30 4.03 -
AhnLab V3 2009.10.01.00 2009.10.01 2009-10-01 0.81 -
AntiVir 8.2.1.27 7.1.6.59 2009-09-30 0.47 -
Antiy 2.0.18 20090930.2943538 2009-09-30 0.12 -
Arcavir 2009 200909301639 2009-09-30 0.05 -
Authentium 5.1.1 200909301043 2009-09-30 1.45 -
AVAST! 4.7.4 090929-0 2009-09-29 0.01 -
AVG 8.5.288 270.13.115/2405 2009-09-30 0.33 -
BitDefender 7.81008.4297153 7.27991 2009-10-01 3.67 -
CA (VET) 9.0.0.143 31.6.6769 2009-10-01 7.48 -
ClamAV 0.95.2 9855 2009-09-30 0.03 -
Comodo 3.11 2475 2009-09-30 0.69 -
CP Secure 1.3.0.5 2009.09.30 2009-09-30 0.06 -
Dr.Web 4.44.0.9170 2009.09.30 2009-09-30 5.51 -
F-Prot 4.4.4.56 20090930 2009-09-30 1.43 -
F-Secure 7.02.73807 2009.09.30.09 2009-09-30 8.39 -
Fortinet 2.81-3.120 10.892 2009-09-30 0.22 -
GData 19.8151/19.494 20090930 2009-09-30 4.87 -
ViRobot 20090930 2009.09.30 2009-09-30 0.41 -
Ikarus T3.1.01.72 2009.09.30.73841 2009-09-30 4.13 -
JiangMin 11.0.800 2009.09.26 2009-09-26 3.80 -
Kaspersky 5.5.10 2009.09.30 2009-09-30 0.06 -
KingSoft 2009.2.5.15 2009.9.30.21 2009-09-30 0.49 -
McAfee 5.3.00 5757 2009-09-30 3.30 -
Microsoft 1.5101 2009.09.30 2009-09-30 5.37 -
Norman 6.01.09 6.01.00 2009-09-16 1.83 -
Panda 9.05.01 2009.09.30 2009-09-30 1.73 -
Trend Micro 8.700-1004 6.492.02 2009-09-30 0.03 -
Quick Heal 10.00 2009.09.30 2009-09-30 1.17 -
Rising 20.0 21.49.22.00 2009-09-30 0.81 -
Sophos 2.90.1 4.45 2009-10-01 3.44 -
Sunbelt 5423 5423 2009-09-30 1.41 -
Symantec 1.3.0.24 20090930.002 2009-09-30 0.05 -
nProtect 20090930.01 5690625 2009-09-30 6.76 -
The Hacker 6.5.0.2 v00023 2009-09-30 0.69 -
VBA32 3.12.10.11 20090930.1230 2009-09-30 1.94 -
VirusBuster 4.5.11.10 10.112.54/1925539 2009-09-30 2.39 -


###############################################


and, finally, the result of the OTM run.



################################################



All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========

Service\Driver aa0cc2a1-f087-4a27-9cd8-c7fefae64e77 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder d:\player not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Annalie
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 1928809 bytes
->Java cache emptied: 1185219 bytes
->FireFox cache emptied: 37844795 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest 2009
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Katy

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: Matthew

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peter

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.12 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09302009_225850

Files moved on Reboot...

Registry entries deleted on Reboot...



###################################################



Thank you!





Rorschach112
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::

Folder::

Registry::
FCopy::
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe | c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll | c:\windows\system32\xmlprov.dll
Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Also tell me how it's running
Rorschach112
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
Rorschach112
This topic has been reopened at the original poster's request.
Rorschach112
post the logs
Annalie
Hi!

Ran ComboFix, this time with no interruptions - the log attached below.

Thanks!!
Annalie


#########################################################

ComboFix 09-10-06.04 - Annalie 2009/10/07 18:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.27.1033.18.511.267 [GMT 2:00]
Running from: c:\documents and settings\Annalie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Annalie\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll --> c:\windows\system32\xmlprov.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 16:45 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-09-25 22:20 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 22:20 . 2009-09-27 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 22:20 . 2009-09-10 12:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 22:04 . 2009-09-25 22:04 -------- d-----w- C:\_OTL
2009-09-25 08:46 . 2009-09-25 08:46 -------- d-----w- C:\_OTM
2009-09-24 20:52 . 2009-09-24 20:52 -------- d-----w- C:\Rooter$
2009-09-23 21:25 . 2009-09-23 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-21 21:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 21:13 . 2009-09-21 21:13 -------- d-----w- c:\program files\Trend Micro
2009-09-21 21:12 . 2009-09-21 21:13 812344 ----a-w- c:\program files\HJTInstall.exe
2009-09-21 21:06 . 2009-09-21 21:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 20:33 . 2009-09-20 20:33 -------- d-----w- c:\program files\erunt
2009-09-20 20:32 . 2009-09-20 20:33 513320 ----a-w- c:\program files\erunt.zip
2009-09-20 18:43 . 2009-09-20 18:45 -------- d-----w- c:\program files\SysRestorePoint
2009-09-17 06:10 . 2009-09-17 06:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 10:10 . 2009-09-08 10:10 -------- d-----w- c:\documents and settings\Annalie\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 11:46 . 2004-09-01 17:28 85392 -c--a-w- c:\documents and settings\Annalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 08:36 . 2005-08-18 11:42 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-09-24 20:58 . 2008-05-13 13:37 -------- d-----w- c:\program files\Lavasoft
2009-09-23 10:53 . 2004-09-02 14:00 -------- d-----w- c:\program files\Microsoft Home Publishing 2000
2009-09-21 21:06 . 2008-05-13 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-21 20:56 . 2008-05-13 14:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-07 20:03 . 2009-09-03 20:24 4958032 ----a-w- c:\documents and settings\Annalie\Application Data\pdinstall.exe
2009-09-07 09:19 . 2009-09-07 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 10:09 . 2009-05-06 07:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-27 09:10 . 2008-05-13 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 12:04 . 2009-08-10 12:03 -------- d-----w- c:\documents and settings\Annalie\Application Data\U3
2003-12-19 18:36 . 2004-08-30 18:33 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-30_16.42.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-30 17:07 . 2009-09-30 07:29 65536 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-30 17:07 . 2009-10-07 05:12 65536 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-30 18:50 . 2009-09-30 21:00 302032 c:\windows\system32\FNTCACHE.DAT
- 2004-08-30 18:50 . 2009-09-27 21:45 302032 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-30 17:07 . 2009-10-07 05:12 704512 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-30 17:07 . 2009-09-30 07:29 704512 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-30 05:50 . 2009-10-07 05:12 7585792 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 05:50 . 2009-09-30 07:29 7585792 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 860160]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-01 1953792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-15 335872]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 473928]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2008-05-15 820736]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-29 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-19 65024]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2002-06-19 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-03-31 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-12-24 73728]

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004/08/30 08:36 PM 9344]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [2006/06/16 07:27 PM 54624]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [2006/06/16 07:27 PM 15908]
R3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [2004/08/30 08:14 PM 11328]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009/09/21 11:26 PM 64160]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.za/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: rmbprivatebank.com\www
Trusted Zone: //about.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {F4EEC7DC-3402-4F75-83AC-43EA187F7BD4} = 196.43.34.190,196.43.46.190
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Annalie\Application Data\Mozilla\Firefox\Profiles\k8wjhlrg.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 18:51
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3984)
c:\windows\System32\btmmhook.dll
c:\windows\System32\msi.dll
.
Completion time: 2009-10-07 18:53
ComboFix-quarantined-files.txt 2009-10-07 16:53
ComboFix2.txt 2009-09-30 16:45

Pre-Run: 34,460,696,576 bytes free
Post-Run: 34,425,319,424 bytes free

152 --- E O F --- 2008-11-03 10:10
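
The FCopy step in this thread installs two files into system32 after both were submitted to VirSCAN. The following is an added example (not part of the thread, and not ComboFix or VirSCAN code) that cross-checks the MD5 and size in the VirSCAN reports against the FCopy and Sigcheck sections of the ComboFix log, using excerpts copied from the logs posted above; the function names and regular expressions are assumptions made for this example.

```python
import ntpath
import re

# Excerpts copied from the VirSCAN reports and the ComboFix log posted in this thread.
VIRSCAN_REPORTS = """\
File Name : wscntfy.exe
File Size : 13824 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 49911dd39e023bb6c45e4e436cfbd297
File Name : xmlprov.dll
File Size : 129536 byte
MD5 : eef46dab68229a14da3d8e73c99e2959
"""

COMBOFIX_LOG = r"""
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll --> c:\windows\system32\xmlprov.dll

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
"""

VIRSCAN_RE = re.compile(
    r"File Name : (?P<name>\S+)\s+File Size : (?P<size>\d+) byte"
    r".*?MD5 : (?P<md5>[0-9a-fA-F]{32})",
    re.S,
)
FCOPY_RE = re.compile(
    r"^(?P<src>[A-Za-z]:\\.+?)\s+-->\s+(?P<dst>[A-Za-z]:\\.+)$", re.M
)
SIGCHECK_RE = re.compile(
    r"^\[.\]\s+\d{4}-\d{2}-\d{2}\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\..*?\[(?P<ver>[^\]]+)\].*?(?P<path>[A-Za-z]:\\.+)$",
    re.M,
)


def parse_virscan(text):
    """Map lower-cased file name -> (md5, size) for every report in the text."""
    return {
        m["name"].lower(): (m["md5"].lower(), int(m["size"]))
        for m in VIRSCAN_RE.finditer(text)
    }


def parse_fcopy(text):
    """Return (source, destination) pairs from the FCopy section."""
    return [(m["src"].strip(), m["dst"].strip()) for m in FCOPY_RE.finditer(text)]


def parse_sigcheck(text):
    """Map lower-cased path -> (md5, size) from the Sigcheck section."""
    return {
        m["path"].strip().lower(): (m["md5"].lower(), int(m["size"]))
        for m in SIGCHECK_RE.finditer(text)
    }


def verify_fcopy(virscan_text, combofix_text):
    """For each copied file, list why it should not be trusted (empty = consistent)."""
    scanned = parse_virscan(virscan_text)
    sig = parse_sigcheck(combofix_text)
    results = []
    for src, dst in parse_fcopy(combofix_text):
        problems = []
        ref = scanned.get(ntpath.basename(dst).lower())
        src_sig, dst_sig = sig.get(src.lower()), sig.get(dst.lower())
        if ref is None:
            problems.append("no scan report for this file")
        if src_sig is None or dst_sig is None:
            problems.append("missing Sigcheck entry")
        else:
            if src_sig != dst_sig:
                problems.append("copy differs from source")
            if ref is not None and dst_sig != ref:
                problems.append("installed file is not the file that was scanned")
        results.append((dst, problems))
    return results


if __name__ == "__main__":
    for path, problems in verify_fcopy(VIRSCAN_REPORTS, COMBOFIX_LOG):
        print(path, "->", "consistent" if not problems else "; ".join(problems))
```

A matching MD5 only shows that the installed file is byte-for-byte the one that was scanned; it says nothing beyond what the scan itself reported.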
Rorschach112
Looking good

download and run the mcafee removal tool from here

http://majorgeeks.com/McAfee_Consumer_Prod...Tool_d5420.html



* I notice that you have no firewall on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

* I notice that you have no anti-virus program on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: AntiVir or avast!.


Then update Windows to the latest Service Pack and post a new HJT log
Annalie
Hi!

I ran MCPR a number of times, and even restarted the computer and ran it again, but I keep getting an "incomplete cleanup" message. I have posted the log below - any suggestions??

Annalie


###################################################


MCAFEE CLEANUP
October 08, 2009 09:18:35
INFO Cleanup will be scheduled and run.
INFO Product mpfpcu to be removed from system.
INFO Product mpfp to be removed from system.
INFO Product mps to be removed from system.
INFO Product shred to be removed from system.
INFO Product mpscu to be removed from system.
INFO Product mskcu to be removed from system.
INFO Product msk to be removed from system.
INFO Product emproxy to be removed from system.
INFO Product mas to be removed from system.
INFO Product fwdriver to be removed from system.
INFO Product hw to be removed from system.
INFO Product mbk to be removed from system.
INFO Product mcproxy to be removed from system.
INFO Product mhn to be removed from system.
INFO Product mqccu to be removed from system.
INFO Product mqc to be removed from system.
INFO Product shrd to be removed from system.
INFO Product nmc to be removed from system.
INFO Product redir to be removed from system.
INFO Product mna to be removed from system.
INFO Product mwl to be removed from system.
INFO Product msad to be removed from system.
INFO Product vs to be removed from system.
INFO Product msc to be removed from system.
INFO Product mcpr to be removed from system.
INFO Task Scheduler service started.
WINERR OpenService() failed. Error: 997
INFO (Warning) Unable to control McAfee service.

October 08, 2009 09:18:39
INFO Cleanup finished running using Task Scheduler.
FAIL The products were not successfully removed by the scheduled cleanup.
Rorschach112
do the other steps then do this
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %systemroot%\system32\oobe\AntiWPA_Crypt.dll
    %TEMP%\antiwpa_crypt.dll
    %TEMP%\antiwpa.dll /s
    %PROGRAMFILES%\antiwpa.dll /s
    %systemroot%\system32\crypt.dll
    %TEMP%\crypt.dll
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %systemroot%\system32\drivers\*.dat
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.exe
    %DESKTOP%\*.exe
    %USERNAME%\*.exe
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.exe
    %SYSTEMDRIVE%\*.exe
    %SYSTEMROOT%\*.exe
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system\*.exe
    %systemroot%\AppPatch\*.exe
    %systemroot%\Cache\*.exe
    %systemroot%\Downloaded Program Files\*.exe
    %systemroot%\Fonts\*.exe
    %systemroot%\Help\*.exe
    %APPDATA%\*.exe
    %APPDATA%\Google\*.exe
    %systemroot%\system32\inf\*.exe
    %APPDATA%\Opera\Opera\profile\widgets\*.exe
    %PROGRAMFILES%\Opera\program\plugins\*.exe
    %APPDATA%\Opera\Opera\profile\toolbar\*.exe
    %systemroot%\Web\*.exe
    %systemroot%\Wbem\*.exe
    %systemroot%\twain_32\*.exe
    %systemroot%\WinSxS\*.exe
    %systemroot%\Sun\*.exe
    %systemroot%\srchasst\*.exe
    %systemroot%\Shellnew\*.exe
    %systemroot%\Security\*.exe
    %systemroot%\Resources\*.exe
    %systemroot%\Repair\*.exe
    %systemroot%\Registration\*.exe
    %systemroot%\RegisteredPackages\*.exe
    %systemroot%\pss\*.exe
    %systemroot%\Provisioning\*.exe
    %systemroot%\PIF\*.exe
    %systemroot%\PeerNet\*.exe
    %systemroot%\PcTel\*.exe
    %systemroot%\Offline Web Pages\*.exe
    %systemroot%\network diagnostic\*.exe
    %systemroot%\mui\*.exe
    %systemroot%\msapps\*.exe
    %systemroot%\msagent\*.exe
    %systemroot%\minidump\*.exe
    %systemroot%\media\*.exe
    %systemroot%\Help\*.exe
    %systemroot%\ie7\*.exe
    %systemroot%\ie7updates\*.exe
    %systemroot%\ime\*.exe
    %systemroot%\installer\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\Cursors\*.exe
    %systemroot%\Config\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\Assembly\*.exe
    %systemroot%\internet logs\*.exe
    %systemroot%\AppPatch\*.exe
    %systemroot%\l2schemas\*.exe
    %systemroot%\Debug\*.exe
    %systemroot%\ehome\*.exe
    %systemroot%\Connection Wizard\*.exe
    %systemroot%\system32\1025\*.exe
    %systemroot%\system32\1028\*.exe
    %systemroot%\system32\1031\*.exe
    %systemroot%\system32\1033\*.exe
    %systemroot%\system32\1037\*.exe
    %systemroot%\system32\1041\*.exe
    %systemroot%\system32\1042\*.exe
    %systemroot%\system32\1054\*.exe
    %systemroot%\system32\2052\*.exe
    %systemroot%\system32\3076\*.exe
    %systemroot%\system32\appmgmt\*.exe
    %systemroot%\system32\bits\*.exe
    %systemroot%\system32\catroot\*.exe
    %systemroot%\system32\catroot2\*.exe
    %systemroot%\system32\com\*.exe
    %systemroot%\system32\config\*.exe
    %systemroot%\system32\dhcp\*.exe
    %systemroot%\system32\DirectX\*.exe
    %systemroot%\system32\drvstore\*.exe
    %systemroot%\system32\en\*.exe
    %systemroot%\system32\en-us\*.exe
    %systemroot%\system32\export\*.exe
    %systemroot%\system32\GroupPolicy\*.exe
    %systemroot%\system32\ias\*.exe
    %systemroot%\system32\icsxml\*.exe
    %systemroot%\system32\ime\*.exe
    %systemroot%\system32\inetsrv\*.exe
    %systemroot%\system32\LogFiles\*.exe
    %systemroot%\system32\Macromed\*.exe
    %systemroot%\system32\Microsoft\*.exe
    %systemroot%\system32\Msdtc\*.exe
    %systemroot%\system32\Mui\*.exe
    %systemroot%\system32\npp\*.exe
    %systemroot%\system32\NtMsData\*.exe
    %systemroot%\system32\oobe\*.exe
    %systemroot%\system32\PreInstall\*.exe
    %systemroot%\system32\ras\*.exe
    %systemroot%\system32\ReInstallBackups\*.exe
    %systemroot%\system32\Restore\*.exe
    %systemroot%\system32\Scripting\*.exe
    %systemroot%\system32\Setup\*.exe
    %systemroot%\system32\ShellExt\*.exe
    %systemroot%\system32\SoftwareDistribution\*.exe
    %systemroot%\system32\URTTEmp\*.exe
    %systemroot%\system32\USMT\*.exe
    %systemroot%\system32\Wbem\*.exe
    %systemroot%\system32\Wins\*.exe
    %systemroot%\system32\Xircom\*.exe
    %systemroot%\system32\XPSViewer\*.exe
    %COMMONPROGRAMFILES%\*.exe
    %APPDATA%\*.*
    %TEMP%\*.*
    set /c

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Annalie
Hi!

Downloaded COMODO and Avira AntiVir, updated to SP3 and then ran HJT. Herewith the log for HJT:


##########################################################


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:05 PM, on 2009/10/10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4EEC7DC-3402-4F75-83AC-43EA187F7BD4}: NameServer = 196.43.34.190,196.43.46.190
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McShield - Unknown owner - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (file missing)

--
End of file - 8236 bytes



####################################################




Many thanks!


######################################################


Then ran OTL, and herewith the logs:


##########################

OTL.Txt

###########################


OTL logfile created on: 2009/10/10 10:46:14 PM - Run 2
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Documents and Settings\Annalie\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

511.48 Mb Total Physical Memory | 231.93 Mb Available Physical Memory | 45.34% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 71.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 29.31 Gb Free Space | 38.22% Space Free | Partition Type: NTFS
Drive D: | 200.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-STUDY
Current User Name: Annalie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Annalie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
PRC - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (EngineServer [Auto | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McShield [On_Demand | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (basic2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\drivers\BsStor.sys (B.H.A Co.,Ltd.)
DRV - (BtAudio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btaudio.sys (Broadcom Corporation.)
DRV - (BTCOMM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Btcomm.sys (Extended Systems Inc.)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNBDG [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys (Extended Systems, Inc.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (EIO [Auto | Running]) -- C:\WINDOWS\System32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (hsf_msft [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MASPINT [Auto | Running]) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MfeAVFK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (MfeBOPK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeRKDK [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Ndisusb [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\genelan.sys (Genesys Logic)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Rksample [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sisidex [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (sisperf [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (ssmdrv [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/12 10:56:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/21 12:34:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/09 16:01:34 | 00,000,000 | ---D | M]

[2008/09/06 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Extensions
[2008/09/06 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/02/13 12:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\mozilla\Firefox\Profiles\k8wjhlrg.default\extensions
[2009/10/10 11:34:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 12:24:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/08 13:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/18 21:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/12 10:57:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/30 11:49:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/13 12:24:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 12:24:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/13 12:24:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/12/29 13:55:51 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/01 09:57:41 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/19 16:57:43 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/19 16:57:43 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/19 16:57:43 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/19 16:57:43 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/19 16:57:43 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/19 16:57:43 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/19 16:57:43 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/19 16:57:43 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (326171 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11162 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTUSRBDG] C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: rmbprivatebank.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/hamsterball/raptisoftgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/30 19:05:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/29 16:35:22 | 00,026,624 | R--- | M] () - D:\AUTOSET.EXE -- [ CDFS ]
O32 - AutoRun File - [1997/11/12 03:10:00 | 00,150,016 | R--- | M] (Indigo Rose Corporation) - D:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1998/07/20 17:06:54 | 00,002,789 | R--- | M] () - D:\automenu.ini -- [ CDFS ]
O32 - AutoRun File - [1998/07/20 17:00:46 | 00,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {967B098A-042D-4367-BAC9-8BC11684174F} - Security Update for Microsoft .NET Framework 2.0 (KB917283)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/21 23:06:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/10 22:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/09 18:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/23 23:25:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/09/17 08:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/10/10 22:24:30 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/09 18:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/20 22:33:36 | 00,000,000 | ---D | C] -- C:\Program Files\erunt
[2009/09/26 00:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/17 08:10:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/09/20 20:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\SysRestorePoint
[2009/09/21 23:13:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/10 22:24:36 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/10 22:24:36 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/10 22:24:36 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/10 22:24:36 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/10 22:24:36 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/10 11:36:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/09 18:43:20 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/09 18:43:20 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/09 18:43:20 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/09 18:43:20 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/09 14:28:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/09 12:29:40 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/10/09 12:27:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2009/10/09 12:27:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/10/09 12:25:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/09 12:21:06 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/09 12:21:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/10/09 10:43:32 | 40,519,952 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
[2009/10/09 07:05:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/07 18:53:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/07 18:45:41 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll
[2009/10/07 18:45:41 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/10/07 18:44:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/07 18:44:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/07 18:44:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/07 18:44:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/30 18:36:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/30 18:33:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/26 00:20:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/26 00:20:26 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/26 00:16:14 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Annalie\Desktop\mbam-setup.exe
[2009/09/26 00:10:58 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\TFC.exe
[2009/09/26 00:04:02 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/25 18:06:38 | 00,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTL.exe
[2009/09/25 10:46:47 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/09/25 10:45:17 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTM.exe
[2009/09/24 22:52:23 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/21 23:26:39 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/09/21 23:12:27 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2009/09/20 22:37:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/03 22:24:26 | 04,958,032 | ---- | C] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/10 22:42:02 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTL.exe
[2009/10/10 22:25:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/10 22:25:02 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/10 22:24:55 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/10 22:16:17 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\Word.lnk
[2009/10/10 22:06:29 | 00,086,168 | ---- | M] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/10 11:20:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/10 11:20:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/09 18:46:48 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/09 18:43:16 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/09 18:43:16 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/09 18:43:16 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/09 18:43:16 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/09 16:43:07 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/09 16:02:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/09 16:01:39 | 00,001,686 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/09 15:51:58 | 00,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/09 14:32:44 | 00,474,832 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/09 14:32:44 | 00,403,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/09 14:32:44 | 00,063,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/09 14:29:49 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/09 12:29:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/09 12:23:34 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2009/10/09 12:23:34 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/09 12:07:43 | 33,961,728 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/09 11:01:40 | 40,519,952 | ---- | M] (COMODO) -- C:\Program Files\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
[2009/10/08 12:39:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/08 09:10:15 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\MCPR.exe
[2009/10/07 18:51:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/07 18:43:41 | 03,327,820 | R--- | M] () -- C:\Documents and Settings\Annalie\Desktop\Combo-Fix.exe
[2009/09/30 22:57:14 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\OTM.exe
[2009/09/30 09:43:55 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/09/29 10:57:05 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Annalie\My Documents\Salary Slip - Philipina and George and Thembile 2008.doc
[2009/09/28 00:38:07 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/28 00:38:07 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif
[2009/09/28 00:38:07 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/26 00:20:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/26 00:18:11 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Annalie\Desktop\mbam-setup.exe
[2009/09/26 00:09:02 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annalie\Desktop\TFC.exe
[2009/09/24 22:58:31 | 00,440,832 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\CKScanner.exe
[2009/09/22 22:37:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\HijackThis.lnk
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2009/09/21 23:06:42 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/20 22:33:01 | 00,513,320 | ---- | M] () -- C:\Program Files\erunt.zip
[2009/09/18 17:11:33 | 21,031,280 | ---- | M] () -- C:\Documents and Settings\Annalie\Desktop\aaw2007.exe
[2009/09/17 08:35:21 | 02,201,600 | ---- | M] () -- C:\Documents and Settings\Annalie\My Documents\Katys Photo competition.ppt
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/10 22:24:55 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/09 18:46:48 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/09 11:50:21 | 33,961,728 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/08 09:10:10 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\MCPR.exe
[2009/10/07 18:44:34 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/07 18:44:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/07 18:44:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/07 18:44:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/07 18:42:13 | 03,327,820 | R--- | C] () -- C:\Documents and Settings\Annalie\Desktop\Combo-Fix.exe
[2009/09/30 18:36:37 | 00,000,194 | ---- | C] () -- C:\Boot.bak
[2009/09/30 18:36:34 | 00,245,920 | ---- | C] () -- C:\cmldr
[2009/09/28 00:38:07 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/28 00:38:07 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif
[2009/09/28 00:38:07 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/26 00:20:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 22:58:42 | 00,440,832 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\CKScanner.exe
[2009/09/21 23:13:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Annalie\Desktop\HijackThis.lnk
[2009/09/21 23:06:42 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/20 22:32:58 | 00,513,320 | ---- | C] () -- C:\Program Files\erunt.zip
[2009/09/17 08:35:21 | 02,201,600 | ---- | C] () -- C:\Documents and Settings\Annalie\My Documents\Katys Photo competition.ppt
[2008/09/26 09:15:24 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/25 11:53:41 | 00,038,434 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\Comma Separated Values (Windows).ADR
[2008/09/25 11:47:09 | 00,038,432 | ---- | C] () -- C:\Documents and Settings\Annalie\Application Data\Tab Separated Values (Windows).ADR
[2008/02/09 18:44:33 | 00,000,173 | ---- | C] () -- C:\WINDOWS\SOFTPEG.INI
[2007/12/29 13:56:13 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/29 13:56:13 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/07/14 16:18:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Gamchest.INI
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/06/17 14:36:41 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/17 10:06:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/06/16 19:12:00 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.dll
[2006/01/10 19:33:17 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/05 22:46:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/08/19 18:45:22 | 00,000,419 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/24 15:26:45 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/12/24 15:26:45 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/09/01 19:28:13 | 00,086,168 | ---- | C] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/01 10:13:28 | 00,000,172 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/09/01 09:55:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/30 20:51:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/30 20:50:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/30 20:35:31 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/08/30 20:35:31 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2004/08/30 20:33:12 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2004/08/30 20:14:40 | 00,001,589 | ---- | C] () -- C:\WINDOWS\System32\drivers\glexport.sys
[2004/08/30 20:01:02 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/30 20:01:01 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/30 19:56:20 | 01,108,964 | -H-- | C] () -- C:\Documents and Settings\Annalie\Local Settings\Application Data\IconCache.db
[2004/08/30 19:55:57 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/30 19:16:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Annalie\Application Data\desktop.ini
[2004/08/04 09:56:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/12/02 15:55:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/03/31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/03/31 14:00:00 | 00,001,686 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/06/14 02:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/10/10 22:24:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/04 12:09:23 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/09/21 23:06:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2006/01/24 07:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2006/06/17 14:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2005/02/08 17:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2004/09/02 15:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/10/09 15:52:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Annalie\Application Data
[2009/07/02 19:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Ahead
[2005/01/27 08:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Cyberlink
[2007/11/07 15:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Datalayer
[2004/08/30 20:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\InterTrust
[2007/01/11 10:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\MSN6
[2008/05/02 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\NetMedia Providers
[2007/11/05 20:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Nokia
[2007/06/05 08:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Nokia Multimedia Player
[2006/06/16 18:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\PC Suite
[2008/05/02 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Publish Providers
[2005/08/14 18:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Raptisoft
[2007/07/21 12:57:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Annalie\Application Data\SecuROM
[2009/03/02 09:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Sibelius Software
[2008/05/02 18:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Sony
[2009/08/10 14:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\U3
[2009/09/08 12:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\Uniblue
[2006/06/16 19:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Annalie\Application Data\XTND_BTUIObjects
[2003/03/31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/10 11:20:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/10/10 22:42:02 | 00,000,000 | ---D | M] -- C:
[2009/09/26 00:04:02 | 00,000,000 | ---D | M] -- C:\_OTL
[2009/09/25 10:46:47 | 00,000,000 | ---D | M] -- C:\_OTM
[2008/01/18 17:14:50 | 00,000,000 | ---D | M] -- C:\btinbox
[2009/09/30 18:36:37 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2009/07/05 22:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2006/05/01 10:09:56 | 00,000,000 | ---D | M] -- C:\Drivers
[2004/08/30 20:46:53 | 00,000,000 | R--D | M] -- C:\MSOCache
[2006/05/01 10:45:18 | 00,000,000 | ---D | M] -- C:\MWASPI
[2009/07/15 19:48:59 | 00,000,000 | ---D | M] -- C:\NVIDIA
[2005/08/19 09:04:47 | 00,000,000 | ---D | M] -- C:\ppwork
[2009/10/10 22:24:30 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/10/07 18:53:48 | 00,000,000 | ---D | M] -- C:\Qoobox
[2009/10/09 07:05:27 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/09/24 22:52:23 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/10/09 14:28:22 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/10/10 22:25:02 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2007/10/14 19:21:08 | 00,000,000 | ---- | M] () -- C:\AILog.txt
[2004/08/30 19:05:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/07 11:28:39 | 00,002,418 | ---- | M] () -- C:\avenger.txt
[2007/06/06 12:46:48 | 00,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2004/08/30 18:59:13 | 00,000,194 | ---- | M] () -- C:\Boot.bak
[2009/10/09 12:29:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2003/08/14 06:27:02 | 00,000,509 | ---- | M] () -- C:\BsCLiP.iss
[2004/08/30 20:35:51 | 00,000,032 | ---- | M] () -- C:\BsGold.log
[2002/08/29 01:05:52 | 00,245,920 | ---- | M] () -- C:\cmldr
[2009/10/07 18:53:45 | 00,010,620 | ---- | M] () -- C:\ComboFix.txt
[2004/08/30 19:05:31 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/13 21:20:24 | 00,000,166 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/30 19:05:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/27 10:59:18 | 00,000,172 | -H-- | M] () -- C:\IPH.PH
[2004/08/30 19:05:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/09 12:23:34 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/09 12:23:34 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2009/10/10 11:20:29 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/10/10 22:24:30 | 00,000,000 | R--D | M] -- C:\Program Files
[2008/06/26 11:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/25 17:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\Ahead
[2004/08/30 20:41:27 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/10/10 22:24:30 | 00,000,000 | ---D | M] -- C:\Program Files\Avira
[2004/08/30 20:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\AvRack
[2005/12/17 15:15:37 | 00,000,000 | ---D | M] -- C:\Program Files\B's Recorder GOLD7
[2006/06/17 14:32:33 | 00,000,000 | ---D | M] -- C:\Program Files\Buena Vista Games
[2009/04/22 12:14:54 | 00,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2006/01/28 19:02:40 | 00,000,000 | ---D | M] -- C:\Program Files\Code 27
[2009/10/07 18:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/09 18:43:17 | 00,000,000 | ---D | M] -- C:\Program Files\COMODO
[2004/08/30 19:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/08/30 20:33:21 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/02/08 17:20:59 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2007/04/27 15:54:14 | 00,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2007/10/14 14:13:02 | 00,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2007/07/14 16:21:09 | 00,000,000 | ---D | M] -- C:\Program Files\eGames
[2007/07/21 12:52:44 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/09/20 22:33:36 | 00,000,000 | ---D | M] -- C:\Program Files\erunt
[2008/03/03 12:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\Experimental uninstall Sibelius Software
[2006/06/16 19:27:35 | 00,000,000 | ---D | M] -- C:\Program Files\Extended Systems
[2006/06/24 11:48:55 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2007/12/29 13:44:19 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/10/09 12:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/30 11:49:24 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/24 22:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/01/15 20:44:23 | 00,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2009/09/27 19:45:24 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/01/08 12:20:14 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2009/10/09 18:41:43 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/17 08:10:08 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/10/01 10:36:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2004/08/30 19:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/10/14 16:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/23 12:53:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Home Publishing 2000
[2004/08/30 20:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/08/30 20:49:49 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/10/09 18:41:43 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/10/10 22:20:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2005/12/17 23:02:47 | 00,000,000 | ---D | M] -- C:\Program Files\MSI
[2004/08/30 19:02:07 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/30 19:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/08/06 12:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\Neopsalmist
[2009/10/09 12:25:35 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/16 18:43:26 | 00,000,000 | ---D | M] -- C:\Program Files\Nokia
[2004/08/30 19:04:27 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/10/09 12:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/12/24 15:23:17 | 00,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2007/12/29 13:56:07 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/08/30 20:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2009/03/02 08:59:23 | 00,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2008/05/02 18:11:35 | 00,000,000 | ---D | M] -- C:\Program Files\Sony
[2004/12/24 15:22:35 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2008/05/02 18:11:11 | 00,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/09/21 22:56:51 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/04/27 10:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\Surreal
[2009/09/20 20:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\SysRestorePoint
[2006/06/17 09:46:29 | 00,000,000 | ---D | M] -- C:\Program Files\The Creative Assembly
[2009/09/21 23:13:18 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/12/29 13:56:11 | 00,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2004/08/30 19:16:40 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/18 16:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2009/10/09 18:41:38 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/09 12:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/09/01 08:48:17 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/30 19:05:40 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %systemroot%\system32\drivers\*.dat >

< %PROGRAMFILES%\*.* >
[2009/10/09 12:07:43 | 33,961,728 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/09 11:01:40 | 40,519,952 | ---- | M] (COMODO) -- C:\Program Files\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
[2009/09/20 22:33:01 | 00,513,320 | ---- | M] () -- C:\Program Files\erunt.zip
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2003/12/19 20:36:56 | 00,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

< %PROGRAMFILES%\*.exe >
[2009/10/09 12:07:43 | 33,961,728 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/09 11:01:40 | 40,519,952 | ---- | M] (COMODO) -- C:\Program Files\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
[2009/09/21 23:13:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2003/12/19 20:36:56 | 00,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

Invalid Environment Variable: DESKTOP

< %USERNAME%\*.exe >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMROOT%\*.exe >
[2003/11/21 10:56:36 | 00,139,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2003/11/21 10:58:34 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2004/08/04 09:56:49 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2000/08/31 08:00:00 | 00,080,412 | ---- | M] () -- C:\WINDOWS\grep.exe
[2005/05/27 01:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[1998/10/29 17:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2006/01/28 19:01:15 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2004/08/04 09:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[1999/04/02 16:37:00 | 00,033,792 | R--- | M] (Electronic Arts) -- C:\WINDOWS\NPSExec.exe
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2004/08/04 09:56:55 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2000/08/31 08:00:00 | 00,098,816 | ---- | M] () -- C:\WINDOWS\sed.exe
[2003/02/28 18:26:30 | 00,046,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2004/08/04 09:56:56 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2003/12/19 11:53:18 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2000/08/31 08:00:00 | 00,161,792 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2000/08/31 08:00:00 | 00,136,704 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2000/08/31 08:00:00 | 00,212,480 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2003/03/31 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2003/03/31 14:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2003/03/31 14:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[1997/05/12 17:53:00 | 00,314,368 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\uninst.exe
[2005/04/20 13:32:57 | 02,916,352 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNeroVision.exe
[2005/02/08 14:12:22 | 02,670,592 | ---- | M] (Nero AG) -- C:\WINDOWS\UNNMP.exe
[1999/11/10 11:05:00 | 00,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2003/03/31 14:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2004/08/04 09:56:57 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2000/08/31 08:00:00 | 00,068,096 | ---- | M] () -- C:\WINDOWS\zip.exe
[1 C:\WINDOWS\*.tmp files]

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\Cache\*.exe >

< %systemroot%\Downloaded Program Files\*.exe >

< %systemroot%\Fonts\*.exe >

< %systemroot%\Help\*.exe >

< %APPDATA%\*.exe >
[2009/09/07 22:03:09 | 04,958,032 | ---- | M] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe

< %APPDATA%\Google\*.exe >

< %systemroot%\system32\inf\*.exe >

< %APPDATA%\Opera\Opera\profile\widgets\*.exe >

< %PROGRAMFILES%\Opera\program\plugins\*.exe >

< %APPDATA%\Opera\Opera\profile\toolbar\*.exe >

< %systemroot%\Web\*.exe >

< %systemroot%\Wbem\*.exe >

< %systemroot%\twain_32\*.exe >

< %systemroot%\WinSxS\*.exe >

< %systemroot%\Sun\*.exe >

< %systemroot%\srchasst\*.exe >

< %systemroot%\Shellnew\*.exe >

< %systemroot%\Security\*.exe >

< %systemroot%\Resources\*.exe >

< %systemroot%\Repair\*.exe >

< %systemroot%\Registration\*.exe >

< %systemroot%\RegisteredPackages\*.exe >

< %systemroot%\pss\*.exe >

< %systemroot%\Provisioning\*.exe >

< %systemroot%\PIF\*.exe >

< %systemroot%\PeerNet\*.exe >

< %systemroot%\PcTel\*.exe >

< %systemroot%\Offline Web Pages\*.exe >

< %systemroot%\network diagnostic\*.exe >

< %systemroot%\mui\*.exe >

< %systemroot%\msapps\*.exe >

< %systemroot%\msagent\*.exe >
[2004/08/04 09:56:47 | 00,256,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\msagent\agentsvr.exe

< %systemroot%\minidump\*.exe >

< %systemroot%\media\*.exe >

< %systemroot%\Help\*.exe >

< %systemroot%\ie7\*.exe >

< %systemroot%\ie7updates\*.exe >

< %systemroot%\ime\*.exe >

< %systemroot%\installer\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Cursors\*.exe >

< %systemroot%\Config\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Assembly\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\l2schemas\*.exe >

< %systemroot%\Debug\*.exe >

< %systemroot%\ehome\*.exe >

< %systemroot%\Connection Wizard\*.exe >

< %systemroot%\system32\1025\*.exe >

< %systemroot%\system32\1028\*.exe >

< %systemroot%\system32\1031\*.exe >

< %systemroot%\system32\1033\*.exe >

< %systemroot%\system32\1037\*.exe >

< %systemroot%\system32\1041\*.exe >

< %systemroot%\system32\1042\*.exe >

< %systemroot%\system32\1054\*.exe >

< %systemroot%\system32\2052\*.exe >

< %systemroot%\system32\3076\*.exe >

< %systemroot%\system32\appmgmt\*.exe >

< %systemroot%\system32\bits\*.exe >

< %systemroot%\system32\catroot\*.exe >

< %systemroot%\system32\catroot2\*.exe >

< %systemroot%\system32\com\*.exe >
[2004/08/04 09:56:48 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrepl.exe
[2003/03/31 14:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\com\comrereg.exe

< %systemroot%\system32\config\*.exe >

< %systemroot%\system32\dhcp\*.exe >

< %systemroot%\system32\DirectX\*.exe >

< %systemroot%\system32\drvstore\*.exe >

< %systemroot%\system32\en\*.exe >

< %systemroot%\system32\en-us\*.exe >

< %systemroot%\system32\export\*.exe >

< %systemroot%\system32\GroupPolicy\*.exe >

< %systemroot%\system32\ias\*.exe >

< %systemroot%\system32\icsxml\*.exe >

< %systemroot%\system32\ime\*.exe >

< %systemroot%\system32\inetsrv\*.exe >

< %systemroot%\system32\LogFiles\*.exe >

< %systemroot%\system32\Macromed\*.exe >

< %systemroot%\system32\Microsoft\*.exe >

< %systemroot%\system32\Msdtc\*.exe >

< %systemroot%\system32\Mui\*.exe >

< %systemroot%\system32\npp\*.exe >
[2004/08/04 09:56:54 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\npp\nppagent.exe

< %systemroot%\system32\NtMsData\*.exe >

< %systemroot%\system32\oobe\*.exe >
[2003/03/31 14:00:00 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\msoobe.exe
[2004/08/04 09:56:54 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\oobebaln.exe

< %systemroot%\system32\PreInstall\*.exe >

< %systemroot%\system32\ras\*.exe >

< %systemroot%\system32\ReInstallBackups\*.exe >

< %systemroot%\system32\Restore\*.exe >
[2004/08/04 09:56:55 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\rstrui.exe
[2003/03/31 14:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\srdiag.exe

< %systemroot%\system32\Scripting\*.exe >

< %systemroot%\system32\Setup\*.exe >

< %systemroot%\system32\ShellExt\*.exe >

< %systemroot%\system32\SoftwareDistribution\*.exe >

< %systemroot%\system32\URTTEmp\*.exe >
[2003/02/21 05:16:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\URTTEmp\regtlib.exe

< %systemroot%\system32\USMT\*.exe >
[2004/08/04 09:56:50 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migload.exe
[2004/08/04 09:56:51 | 00,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiz.exe
[2004/08/04 09:56:51 | 00,236,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\USMT\migwiz_a.exe

< %systemroot%\system32\Wbem\*.exe >
[2004/08/04 09:56:51 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\mofcomp.exe
[2004/08/04 09:56:55 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\scrcons.exe
[2003/03/31 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\unsecapp.exe
[2004/08/04 09:56:57 | 00,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wbemtest.exe
[2003/03/31 14:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\winmgmt.exe
[2004/08/04 09:56:57 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiadap.exe
[2004/08/04 09:56:57 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiapsrv.exe
[2004/08/04 09:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Wbem\wmiprvse.exe

< %systemroot%\system32\Wins\*.exe >

< %systemroot%\system32\Xircom\*.exe >

< %systemroot%\system32\XPSViewer\*.exe >

< %COMMONPROGRAMFILES%\*.exe >

< %APPDATA%\*.* >
[2008/09/25 11:56:05 | 00,038,434 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\Comma Separated Values (Windows).ADR
[2004/08/30 20:51:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Annalie\Application Data\desktop.ini
[2009/09/07 22:03:09 | 04,958,032 | ---- | M] (Perfect Software LLC) -- C:\Documents and Settings\Annalie\Application Data\pdinstall.exe
[2008/09/25 11:47:09 | 00,038,432 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\Tab Separated Values (Windows).ADR
[2009/09/28 00:38:07 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5at.gif
[2009/09/28 00:38:07 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5by.gif
[2009/09/28 00:38:07 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Annalie\Application Data\YQzcnqK5zn.gif

< %TEMP%\*.* >
[2009/10/10 11:28:27 | 00,008,989 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\au-descriptor-1.6.0_15-b71.xml
[2009/10/08 13:53:47 | 00,012,818 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\control.xml
[2009/10/09 15:57:18 | 00,803,158 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\dd_ATL80SP1_KB973923MSI70B6.txt
[2009/10/09 15:57:18 | 00,011,756 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\dd_ATL80SP1_KB973923UI70B6.txt
[2009/10/10 22:22:03 | 00,480,004 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\dd_vcredistMSI654F.txt
[2009/10/10 22:22:03 | 00,011,498 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\dd_vcredistUI654F.txt
[2009/10/09 16:41:44 | 00,000,291 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\java_install_reg.log
[2009/10/10 11:29:35 | 00,000,949 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\jinstall.cfg
[2009/09/23 22:15:37 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\jre-6u15-windows-i586-iftw.exe
[2009/10/10 11:29:35 | 00,031,796 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\jusched.log
[2009/10/08 09:18:39 | 00,006,340 | ---- | M] () -- C:\DOCUME~1\Annalie\LOCALS~1\Temp\mccleanup.log
[15 C:\DOCUME~1\Annalie\LOCALS~1\Temp\*.tmp files]

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Annalie\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-STUDY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Annalie
LOGONSERVER=\\HOME-STUDY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Annalie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Annalie\LOCALS~1\Temp
USERDOMAIN=HOME-STUDY
USERNAME=Annalie
USERPROFILE=C:\Documents and Settings\Annalie
windir=C:\WINDOWS

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Annalie\Desktop\aaw2007.exe:SummaryInformation
< End of report >



###############################


There was only the log created in the previous run (Sept) in the Extras.Txt file - it seems this run created nothing new. Hope this is OK!


Thanks again!
Annalie
Rorschach112
How's it running now?
Rorschach112
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !