Re this problem http://www.lavasoftsupport.com/index.php?showtopic=27331

I was told to post a Hijack this log on to here and maybe someone could help me.

Thanks in advance

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:21, on 16/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sony\Content Transfer\ContentTransfer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Desktop\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FoxmarksDLLBHO - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /ns
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99d18f856ec13) (gupdate1c99d18f856ec13) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: MBQDQK - Mediafour Corporation - (no file)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15377 bytes

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

Save both reports to your desktop. Post them back to your topic.

As instructed by the Hijack log forum, I was told that I needed to post this log on here.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15/02/2008 12:51:38
System Uptime: 16/10/2009 10:50:13 (10 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DQ6
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 279.491 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1421: 09/10/2009 12:23:42 - Scheduled Checkpoint
RP1422: 10/10/2009 14:27:57 - Scheduled Checkpoint
RP1424: 10/10/2009 22:30:08 - Revo Uninstaller's restore point - SoundTaxi Media Suite 3.9.1
RP1426: 10/10/2009 22:32:07 - Revo Uninstaller's restore point - RipTiger 2.7.8
RP1427: 10/10/2009 22:48:17 - Installed Sky Player.
RP1429: 10/10/2009 23:21:06 - Revo Uninstaller's restore point - get_iplayer 2.2+
RP1430: 12/10/2009 11:30:21 - Scheduled Checkpoint
RP1431: 13/10/2009 17:09:20 - Scheduled Checkpoint
RP1433: 13/10/2009 22:13:06 - Revo Uninstaller's restore point - Ad-Aware
RP1434: 15/10/2009 22:43:16 - Scheduled Checkpoint
RP1435: 16/10/2009 15:45:31 - Installed Windows Installer Clean Up

==== Installed Programs ======================

#1 DVD Ripper 7.0
@BIOS
3-D Ultra Minigolf Adventures Deluxe
32 Bit HP CIO Components Installer
3D Fish School Screen Saver 4.8
3D Realistic Fireplace Screen Saver 3.4
3ivX MPEG-4 5.0.1 Video CODEC
4oD
80s Game With Martha Quinn
a-squared Free 4.0
Acrobat.com
Acronis Disk Director Suite
Acronis Migrate Easy
Acronis True Image Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9
AI RoboForm (All Users)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amic Email Backup v2.0
AnvSoft Flash to 3GP Converter 1.00
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Software Suite
Ashampoo Burning Studio 9.12
Ashampoo DVD Theme Pack 1
Ashampoo Movie Shrink & Burn 3.02
µTorrent
Audacity 1.2.6
AusLogics Disk Defrag
Auto Gordian Knot 2.40
Avanquest update
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Azureus
BBC iPlayer Download Manager
BELKIN Bluetooth Software 6.0.1.4400
Bonjour
BufferChm
C3100
c3100_Help
CCleaner (remove only)
CDDRV_Installer
Choice Guard
CloneDVD2
Content Transfer
ConvertXtoDVD 2.2.3.258h
ConvertXtoDVD 2.99.9.600b
Copy
Coupon Printer
Destinations
DeviceManagementQFolder
Diskeeper 2009 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMIView B06.1227.01
DocProc
DocProcQFolder
Dream Aquarium
DreamMaker
Driver Genius Professional Edition
Driver Magician 3.30
DriverAgent by TouchStone Software
DVD Audio Ripper 4
DVD Decrypter (Remove Only)
DVD Ripper 4
DVDInfoPro
EasyTune5
eSupportQFolder
Face_Wizard B07.0509.01
Fax
FCleaner 1.2.3.801
Flickr Uploadr 3.1.3
FLV Player 2.0, build 24
Foxit Reader
GetFLV Pro 8.79
Google Earth
Google Earth Plug-in
Google Earth Pro
Google Gmail Notifier
Google Update Helper
GreedyTorrent v1.01 beta build 170
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Update
HPProductAssistant
i-Cool
Identity Finder Home Edition
IE7Pro
Internet Download Manager
##nospam Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 16
JMB36X Raid Configurer
Junk Mail filter update
jv16 PowerTools 2009
Kerio Visual C++ 2005 redistributable permanent package
Keynote Connector
KhalInstallWrapper
Logitech SetPoint
Logitech Updater
Magic Audio Recorder v5.3.7
MailWasher Pro
Malwarebytes' Anti-Malware
Media Manager for WALKMAN 1.2
Mega Manager
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AutoRoute 2007
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
Moffsoft Calculator 2
Mozilla Firefox (3.5.3)
Mp3tag v2.44
MPEG Encoder 3
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8 Trial
neroxml
NetMeter 1.1.4 BETA
NewzCrawler 1.8 Final
Noise Ninja 2 (Standalone Version)
NVIDIA Drivers
O&O Defrag Professional Edition
Password Safe
Password Safe 3.13 for Windows
PDF-Viewer
PeerGuardian 2.0
PerfectDisk 10 Professional
PHOTOfunSTUDIO -viewer-
PixiePack Codec Pack
Plato DVD DivX Ripper 6.66
PlayFLV
PowerDVD
PowerDVD Ultra
PrintFolders 2.21
QuickSFV (Remove only)
QuickTime
RapidShare Manager
RealPlayer
RealSpeak Solo for UK English Emily
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Revo Uninstaller 1.83
save2pc Pro 3.25
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Shockwave
SILKYPIX Developer Studio 3.0 SE
SiSoftware Sandra Professional Business XII.SP2c
Sky Player
Smart Defrag 1.11
Snagit 9.1.1
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Spybot - Search & Destroy
Spyware Doctor 6.1
Spyware Terminator
Status
Sunbelt CounterSpy
SUPER © Version 2008.bld.30 (Mar 22, 2008)
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag&Rename 3.5.3
Thermal Analysis Tool
TomTom HOME 2.7.1.1812
TomTom HOME Visual Studio Merge Modules
Toolbox
Total Recorder 7.0
TrayApp
Trojan Remover 6.7.1
Tunebite
TuneUp Utilities 2009
Ultimate Extras sounds from Microsoft® Tinker™
UnloadSupport
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
VC 9.0 Runtime
VCRedistSetup
VersionTracker Pro Windows
VideoAvatar
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual DJ - Atomix Productions
Vista Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualRoute Lite Edition
VobSub v2.23 (Remove Only)
VoiceOver Kit
WD Firewire HID Driver
WebReg
Winamp
Winamp Essentials Pack
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Media Recorder
Windows Sound Schemes
WinPcap 4.0.2
WinRAR archiver
WinZip 11.2
Works Upgrade
Xilisoft Video Converter Ultimate
Xmarks for IE
XPlay 3
XviD MPEG4 Video Codec (remove only)
Your Uninstaller! 2008 Version 6.0

==== Event Viewer Messages From Past Week ========

16/10/2009 19:53:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
16/10/2009 07:32:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt TfFsMon TfSysMon
16/10/2009 07:32:21, Error: Service Control Manager [7022] - The M4iPodWPDService service hung on starting.
16/10/2009 07:32:21, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/10/2009 07:29:04, Error: volmgr [46] - Crash dump initialization failed!
15/10/2009 22:12:22, Error: PlugPlayManager [12] - The device 'SAMSUNG HD501LJ ATA Device' (IDE\DiskSAMSUNG_HD501LJ_________________________CR100-12\5&3905c2af&0&0.1.0) disappeared from the system without first being prepared for removal.
15/10/2009 19:32:24, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DA33A5CD-09FE-4B0D-9933-277B9C8A4596} because another computer on the network has the same name. The server could not start.
15/10/2009 19:32:24, Error: netbt [4321] - The name "TALLY-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.5 did not allow the name to be claimed by this computer.
15/10/2009 19:32:21, Error: netbt [4321] - The name "TALLY-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.5 did not allow the name to be claimed by this computer.
14/10/2009 23:49:23, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
14/10/2009 23:49:10, Error: disk [15] - The device, \Device\Harddisk1\DR3, is not ready for access yet.
14/10/2009 23:49:10, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/10/2009 22:32:17, Error: Service Control Manager [7034] - The ElevatorService service terminated unexpectedly. It has done this 1 time(s).
09/10/2009 19:49:10, Error: Virtual Disk Service [1] - Unexpected failure. Error code: 2@02000018
09/10/2009 19:48:54, Error: disk [15] - The device, \Device\Harddisk1\DR7, is not ready for access yet.
09/10/2009 17:24:50, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on F: cannot be read.

==== End Of File ===========================

Please post dds.txt file contents too.

Oops sorry.

I have just run it again and here are them both.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15/02/2008 12:51:38
System Uptime: 17/10/2009 07:48:23 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DQ6
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 279.487 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1421: 09/10/2009 12:23:42 - Scheduled Checkpoint
RP1422: 10/10/2009 14:27:57 - Scheduled Checkpoint
RP1424: 10/10/2009 22:30:08 - Revo Uninstaller's restore point - SoundTaxi Media Suite 3.9.1
RP1426: 10/10/2009 22:32:07 - Revo Uninstaller's restore point - RipTiger 2.7.8
RP1427: 10/10/2009 22:48:17 - Installed Sky Player.
RP1429: 10/10/2009 23:21:06 - Revo Uninstaller's restore point - get_iplayer 2.2+
RP1430: 12/10/2009 11:30:21 - Scheduled Checkpoint
RP1431: 13/10/2009 17:09:20 - Scheduled Checkpoint
RP1433: 13/10/2009 22:13:06 - Revo Uninstaller's restore point - Ad-Aware
RP1434: 15/10/2009 22:43:16 - Scheduled Checkpoint
RP1435: 16/10/2009 15:45:31 - Installed Windows Installer Clean Up

==== Installed Programs ======================

#1 DVD Ripper 7.0
@BIOS
3-D Ultra Minigolf Adventures Deluxe
32 Bit HP CIO Components Installer
3D Fish School Screen Saver 4.8
3D Realistic Fireplace Screen Saver 3.4
3ivX MPEG-4 5.0.1 Video CODEC
4oD
80s Game With Martha Quinn
a-squared Free 4.0
Acrobat.com
Acronis Disk Director Suite
Acronis Migrate Easy
Acronis True Image Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9
AI RoboForm (All Users)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amic Email Backup v2.0
AnvSoft Flash to 3GP Converter 1.00
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Software Suite
Ashampoo Burning Studio 9.12
Ashampoo DVD Theme Pack 1
Ashampoo Movie Shrink & Burn 3.02
µTorrent
Audacity 1.2.6
AusLogics Disk Defrag
Auto Gordian Knot 2.40
Avanquest update
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Azureus
BBC iPlayer Download Manager
BELKIN Bluetooth Software 6.0.1.4400
Bonjour
BufferChm
C3100
c3100_Help
CCleaner (remove only)
CDDRV_Installer
Choice Guard
CloneDVD2
Content Transfer
ConvertXtoDVD 2.2.3.258h
ConvertXtoDVD 2.99.9.600b
Copy
Coupon Printer
Destinations
DeviceManagementQFolder
Diskeeper 2009 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMIView B06.1227.01
DocProc
DocProcQFolder
Dream Aquarium
DreamMaker
Driver Genius Professional Edition
Driver Magician 3.30
DriverAgent by TouchStone Software
DVD Audio Ripper 4
DVD Decrypter (Remove Only)
DVD Ripper 4
DVDInfoPro
EasyTune5
eSupportQFolder
Face_Wizard B07.0509.01
Fax
FCleaner 1.2.3.801
Flickr Uploadr 3.1.3
FLV Player 2.0, build 24
Foxit Reader
GetFLV Pro 8.79
Google Earth
Google Earth Plug-in
Google Earth Pro
Google Gmail Notifier
Google Update Helper
GreedyTorrent v1.01 beta build 170
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Update
HPProductAssistant
i-Cool
Identity Finder Home Edition
IE7Pro
Internet Download Manager
##nospam Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 16
JMB36X Raid Configurer
Junk Mail filter update
jv16 PowerTools 2009
Kerio Visual C++ 2005 redistributable permanent package
Keynote Connector
KhalInstallWrapper
Logitech SetPoint
Logitech Updater
Magic Audio Recorder v5.3.7
MailWasher Pro
Malwarebytes' Anti-Malware
Media Manager for WALKMAN 1.2
Mega Manager
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AutoRoute 2007
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
Moffsoft Calculator 2
Mozilla Firefox (3.5.3)
Mp3tag v2.44
MPEG Encoder 3
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8 Trial
neroxml
NetMeter 1.1.4 BETA
NewzCrawler 1.8 Final
Noise Ninja 2 (Standalone Version)
NVIDIA Drivers
O&O Defrag Professional Edition
Password Safe
Password Safe 3.13 for Windows
PDF-Viewer
PeerGuardian 2.0
PerfectDisk 10 Professional
PHOTOfunSTUDIO -viewer-
PixiePack Codec Pack
Plato DVD DivX Ripper 6.66
PlayFLV
PowerDVD
PowerDVD Ultra
PrintFolders 2.21
QuickSFV (Remove only)
QuickTime
RapidShare Manager
RealPlayer
RealSpeak Solo for UK English Emily
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Revo Uninstaller 1.83
save2pc Pro 3.25
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Shockwave
SILKYPIX Developer Studio 3.0 SE
SiSoftware Sandra Professional Business XII.SP2c
Sky Player
Smart Defrag 1.11
Snagit 9.1.1
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Spybot - Search & Destroy
Spyware Doctor 6.1
Spyware Terminator
Status
Sunbelt CounterSpy
SUPER © Version 2008.bld.30 (Mar 22, 2008)
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag&Rename 3.5.3
Thermal Analysis Tool
TomTom HOME 2.7.1.1812
TomTom HOME Visual Studio Merge Modules
Toolbox
Total Recorder 7.0
TrayApp
Trojan Remover 6.7.1
Tunebite
TuneUp Utilities 2009
Ultimate Extras sounds from Microsoft® Tinker™
UnloadSupport
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
VC 9.0 Runtime
VCRedistSetup
VersionTracker Pro Windows
VideoAvatar
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual DJ - Atomix Productions
Vista Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualRoute Lite Edition
VobSub v2.23 (Remove Only)
VoiceOver Kit
WD Firewire HID Driver
WebReg
Winamp
Winamp Essentials Pack
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Media Recorder
Windows Sound Schemes
WinPcap 4.0.2
WinRAR archiver
WinZip 11.2
Works Upgrade
Xilisoft Video Converter Ultimate
Xmarks for IE
XPlay 3
XviD MPEG4 Video Codec (remove only)
Your Uninstaller! 2008 Version 6.0

==== Event Viewer Messages From Past Week ========

17/10/2009 07:51:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt TfFsMon TfSysMon
17/10/2009 07:51:59, Error: Service Control Manager [7022] - The M4iPodWPDService service hung on starting.
17/10/2009 07:51:59, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
17/10/2009 07:49:24, Error: volmgr [46] - Crash dump initialization failed!
16/10/2009 19:53:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
15/10/2009 22:12:22, Error: PlugPlayManager [12] - The device 'SAMSUNG HD501LJ ATA Device' (IDE\DiskSAMSUNG_HD501LJ_________________________CR100-12\5&3905c2af&0&0.1.0) disappeared from the system without first being prepared for removal.
15/10/2009 19:32:24, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DA33A5CD-09FE-4B0D-9933-277B9C8A4596} because another computer on the network has the same name. The server could not start.
15/10/2009 19:32:24, Error: netbt [4321] - The name "TALLY-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.5 did not allow the name to be claimed by this computer.
15/10/2009 19:32:21, Error: netbt [4321] - The name "TALLY-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.5 did not allow the name to be claimed by this computer.
14/10/2009 23:49:23, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
14/10/2009 23:49:10, Error: disk [15] - The device, \Device\Harddisk1\DR3, is not ready for access yet.
14/10/2009 23:49:10, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/10/2009 22:32:17, Error: Service Control Manager [7034] - The ElevatorService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================






DDS (Ver_09-10-13.01) - NTFSx86
Run at 8:04:23.48 on 17/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.2281 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1043 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sony\Content Transfer\ContentTransfer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Symconsent.exe
C:\Windows\system32\DllHost.exe
C:\Users\Desktop\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [NetMeter] c:\program files\netmeter\NetMeter.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /ns
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bluetooth.lnk - c:\program files\belkin\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\newzcrawler\News.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\users\tally\appdata\roaming\mozilla\firefox\profiles\wlfalu9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\components\FFSource.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-31 206256]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-5-30 136744]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-5-20 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-6-26 141312]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd0.fcl [2007-11-3 41456]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-26 108289]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2008-10-6 211456]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business xii.sp2c\RpcAgentSrv.exe [2008-10-19 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-12 1153368]
R2 SymAFR;SymAFR;c:\windows\system32\drivers\SymAFR.sys [2008-10-23 15408]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-19 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-1 604488]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-15 30152]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-4-17 120472]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 gupdate1c99d18f856ec13;Google Update Service (gupdate1c99d18f856ec13);c:\program files\google\update\GoogleUpdate.exe [2009-3-4 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-11 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-1-16 62464]
S3 MBQDQK;MBQDQK; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-7-31 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-31 348752]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-13 22:17 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 22:17 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 07:13 69 a------- c:\windows\NeroDigital.ini
2009-10-10 23:18 <DIR> --d----- c:\users\tally\.get_iplayer
2009-10-10 22:48 <DIR> --d----- c:\programdata\Sky
2009-10-10 22:48 <DIR> --d----- c:\program files\Sky
2009-10-10 22:48 <DIR> --d----- c:\progra~2\Sky
2009-10-10 22:14 <DIR> --d----- c:\program files\FLVCodec
2009-10-10 22:14 <DIR> --d----- c:\program files\WinPcap
2009-10-10 22:14 <DIR> --d----- c:\program files\RipTiger
2009-10-10 22:13 <DIR> --d----- c:\users\tally\appdata\roaming\GetRightToGo
2009-10-10 17:36 640,512 a------- c:\windows\system32\gfbaksm.dat
2009-10-10 17:35 640,512 a------- c:\windows\system32\gfkernel.dll
2009-10-10 17:34 1,170,432 a------- c:\windows\system32\vbsgf.dll
2009-10-10 17:34 <DIR> --d----- c:\program files\GetFLV
2009-09-30 22:11 <DIR> --d----- c:\program files\VirtualDJ
2009-09-30 14:10 <DIR> --d----- c:\program files\Tracker Software
2009-09-30 14:08 <DIR> --d----- c:\users\tally\appdata\roaming\Foxit
2009-09-30 14:07 <DIR> --d----- c:\program files\Foxit Software
2009-09-30 13:59 <DIR> --d--r-- c:\users\tally\CD & DVD Covers
2009-09-30 13:50 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 08:22 <DIR> --d----- c:\program files\iPod

==================== Find3M ====================

2009-10-15 20:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-15 20:34 86,016 a------- c:\windows\inf\infpub.dat
2009-10-03 13:23 5,924 a------- c:\users\tally\appdata\roaming\wklnhst.dat
2009-09-14 09:32 143,360 a------- c:\windows\inf\infstor.dat
2009-09-09 11:43 210,352 a------- c:\windows\system32\idmmbc.dll
2009-09-05 08:26 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-05 08:26 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-02 17:58 14,656 a------- c:\windows\gdrv.sys
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 01:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 01:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-01 14:50 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-08-01 14:50 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 09:10 25,158 a------- c:\users\tally\cc_20090727_091030.reg
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-05-27 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2008-09-22 23:30 32,265 a------- c:\program files\INSTALL.LOG
2008-04-19 08:30 30,615 a------- c:\users\tally\x.exe
2008-03-19 09:38 174 a--sh--- c:\program files\desktop.ini
2008-03-07 09:13 87,608 a------- c:\users\tally\appdata\roaming\inst.exe
2008-03-07 09:13 47,360 a------- c:\users\tally\appdata\roaming\pcouffin.sys
2008-02-19 00:36 87,608 a------- c:\users\tally\appdata\roaming\ezpinst.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib00\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib00\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib00\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib00\perfc.dat
2006-04-12 11:13 12,640 a------- c:\users\tally\Passwords.dat
2001-09-28 18:00 243,200 a------- c:\program files\UNWISE.EXE
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 09:15 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-25 11:45 23 a--sh--- c:\windows\system32\bbdfeaaceaa_z.dll
2009-01-25 11:29 23 a--sh--- c:\windows\system32\bddc_z.dll
2008-02-21 09:33 23 a--sh--- c:\windows\system32\ebaaee_r.dll
2006-05-03 11:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 14:43 27,648 a--sh--- c:\windows\system32\Smab0.dll

============= FINISH: 8:04:50.59 ===============

You seem to have P2P file sharing programs installed there. It's recommended to uninstall those.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

The site in your link seems to be down at present so I'll try later. Thanks very much for the help, its much appreciated.

They probably had some maintenance break there. Appears to be working now.

Here is the combo fix log:

ComboFix 09-10-19.02 - Tally 20/10/2009 15:31.1.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.2242 [GMT 1:00]
Running from: c:\users\Tally\Desktop\Downloads\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1043 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\INSTALL.LOG
c:\users\Tally\AppData\Roaming\AD ON Multimedia
c:\users\Tally\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
c:\users\Tally\AppData\Roaming\Desktopicon
c:\users\Tally\AppData\Roaming\Desktopicon\config.ini
c:\users\Tally\AppData\Roaming\inst.exe
c:\users\Tally\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\users\Tally\x.exe
c:\windows\CouponPrinter.ocx
c:\windows\Installer\233d2f.msi
c:\windows\Installer\93642f.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-20 14:38 . 2009-10-20 14:38 -------- d-----w- c:\users\Leanne\AppData\Local\temp
2009-10-20 14:38 . 2009-10-20 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-13 21:17 . 2009-10-13 21:17 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-10 22:18 . 2009-10-10 22:18 -------- d-----w- c:\users\Tally\.get_iplayer
2009-10-10 21:48 . 2009-10-10 21:48 -------- d-----w- c:\programdata\Sky
2009-10-10 21:48 . 2009-10-10 21:48 -------- d-----w- c:\program files\Sky
2009-10-10 21:14 . 2009-10-10 21:14 -------- d-----w- c:\program files\FLVCodec
2009-10-10 21:14 . 2009-10-10 21:14 -------- d-----w- c:\program files\WinPcap
2009-10-10 21:14 . 2009-10-10 21:32 -------- d-----w- c:\program files\RipTiger
2009-10-10 21:13 . 2009-10-10 21:14 -------- d-----w- c:\users\Tally\AppData\Roaming\GetRightToGo
2009-10-10 16:36 . 2009-10-10 16:37 640512 ----a-w- c:\windows\system32\gfbaksm.dat
2009-10-10 16:35 . 2009-10-10 16:37 640512 ----a-w- c:\windows\system32\gfkernel.dll
2009-10-10 16:34 . 2009-10-10 16:36 -------- d-----w- c:\program files\GetFLV
2009-10-07 10:05 . 2009-10-07 10:05 232712 ----a-w- c:\windows\system32\PDBoot.exe
2009-09-30 21:11 . 2009-09-30 21:39 -------- d-----w- c:\program files\VirtualDJ
2009-09-30 13:10 . 2009-09-30 13:10 -------- d-----w- c:\program files\Tracker Software
2009-09-30 13:08 . 2009-09-30 13:08 -------- d-----w- c:\users\Tally\AppData\Roaming\Foxit
2009-09-30 13:07 . 2009-09-30 13:07 -------- d-----w- c:\program files\Foxit Software
2009-09-30 12:59 . 2009-10-14 07:27 -------- d-----r- c:\users\Tally\CD & DVD Covers
2009-09-30 12:57 . 2009-09-30 12:58 -------- d-----w- c:\users\Tally\AppData\Roaming\Apple Computer
2009-09-30 12:50 . 2009-09-30 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 07:22 . 2009-09-30 07:22 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 14:30 . 2008-03-18 08:24 -------- d-----w- c:\users\Tally\AppData\Roaming\MailWasherPro
2009-10-19 23:01 . 2008-02-17 23:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-19 22:48 . 2008-02-17 23:21 -------- d-----w- c:\users\Tally\AppData\Roaming\Vso
2009-10-19 22:16 . 2008-02-17 09:47 -------- d-----w- c:\users\Tally\AppData\Roaming\DMCache
2009-10-19 21:15 . 2008-02-18 22:42 6530 ----a-w- c:\users\Tally\AppData\Roaming\wklnhst.dat
2009-10-19 15:12 . 2008-12-09 08:05 -------- d-----w- c:\program files\PeerGuardian2
2009-10-19 15:12 . 2008-12-04 11:39 -------- d-----w- c:\users\Tally\AppData\Roaming\uTorrent
2009-10-17 12:24 . 2009-07-31 21:28 -------- d-----w- c:\program files\Spyware Doctor
2009-10-16 14:48 . 2008-02-17 21:21 -------- d-----w- c:\programdata\Lavasoft
2009-10-16 14:47 . 2008-03-05 19:11 -------- d-----w- c:\program files\MSECACHE
2009-10-15 20:24 . 2009-05-11 22:18 -------- d-----w- c:\users\Tally\AppData\Roaming\Spotify
2009-10-13 21:14 . 2008-02-15 17:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 08:56 . 2008-02-18 22:57 -------- d-----w- c:\program files\Google
2009-10-02 06:59 . 2009-08-25 23:13 -------- d-----w- c:\program files\NetMeter
2009-10-01 20:11 . 2008-05-20 21:31 -------- d-----w- c:\programdata\iolo
2009-10-01 20:05 . 2008-05-20 21:31 -------- d-----w- c:\users\Tally\AppData\Roaming\iolo
2009-09-30 22:13 . 2008-02-15 12:58 112904 ----a-w- c:\users\Tally\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-30 12:50 . 2008-05-28 20:54 -------- d-----w- c:\program files\Java
2009-09-30 12:49 . 2009-06-25 08:52 -------- d-----w- c:\program files\IEPro
2009-09-30 07:23 . 2009-04-22 07:42 -------- d-----w- c:\program files\iTunes
2009-09-30 07:22 . 2008-02-18 23:00 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 21:00 . 2008-06-30 09:26 -------- d-----w- c:\program files\TagRename
2009-09-17 20:53 . 2009-07-19 22:28 -------- d-----w- c:\program files\Mp3tag
2009-09-14 22:28 . 2009-09-14 22:28 -------- d-----w- c:\program files\FireTrust
2009-09-14 08:38 . 2008-02-18 21:04 -------- d-----w- c:\program files\Sony Ericsson
2009-09-14 08:34 . 2008-02-15 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 08:14 . 2008-06-04 09:49 -------- d-----w- c:\programdata\Sony Ericsson
2009-09-14 07:58 . 2008-06-05 22:14 -------- d-----w- c:\users\Tally\AppData\Roaming\Sony
2009-09-14 07:54 . 2009-09-13 23:40 -------- d-----w- c:\program files\Chris Stroud
2009-09-12 12:30 . 2008-02-18 23:00 -------- d-----w- c:\programdata\Apple
2009-09-11 21:39 . 2008-02-16 23:33 -------- d-----w- c:\program files\Password Safe
2009-09-11 07:46 . 2009-09-11 07:46 -------- d-----w- c:\program files\##nospam Configuration Utility
2009-09-11 07:45 . 2009-09-11 07:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 07:44 . 2009-01-18 20:55 -------- d-----w- c:\program files\QuickTime
2009-09-10 22:47 . 2009-04-23 19:12 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 22:47 . 2008-04-13 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 22:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 22:41 . 2008-02-15 21:49 -------- d-----w- c:\programdata\Microsoft Help
2009-09-10 20:49 . 2008-07-22 08:44 -------- d-----w- c:\users\Tally\AppData\Roaming\Ashampoo
2009-09-09 10:43 . 2009-09-09 09:52 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-05 10:28 . 2009-09-05 10:28 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-09-05 07:26 . 2009-07-31 21:28 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-05 07:26 . 2009-09-05 07:26 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-02 16:58 . 2008-02-15 13:18 14656 ----a-w- c:\windows\gdrv.sys
2009-09-01 18:28 . 2009-09-01 18:28 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-09-01 18:28 . 2009-09-01 18:28 -------- d-----w- c:\program files\Coupon Printer
2009-08-30 21:01 . 2009-08-30 21:01 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-08-30 19:41 . 2009-08-30 19:41 -------- d-----w- c:\programdata\TomTom
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\users\Tally\AppData\Roaming\TomTom
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\program files\TomTom International B.V
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-29 14:40 . 2009-06-09 07:34 -------- d-----w- c:\program files\FCleaner
2009-08-29 00:27 . 2009-09-02 07:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 07:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 13:41 . 2009-08-26 13:41 -------- d-----w- c:\program files\Avira
2009-08-26 13:41 . 2008-06-22 06:47 -------- d-----w- c:\programdata\Avira
2009-08-25 23:18 . 2009-08-25 23:13 -------- d-----w- c:\users\Tally\AppData\Roaming\NetMeter
2009-08-25 23:03 . 2009-08-25 23:03 -------- d-----w- c:\users\Tally\AppData\Roaming\USBSafelyRemove
2009-08-25 23:00 . 2009-08-25 23:00 -------- d-----w- c:\programdata\USBSRService
2009-08-25 21:58 . 2009-08-25 21:58 -------- d-----w- c:\program files\Alwil Software
2009-08-20 10:11 . 2009-08-20 10:11 73232 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2009-08-14 16:27 . 2009-09-10 22:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 22:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 22:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 22:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 22:40 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 22:40 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 22:40 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 22:40 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 22:40 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 22:40 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 22:40 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-08-01 13:50 . 2009-08-01 13:50 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-01 13:50 . 2009-08-01 13:50 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-28 15:33 . 2009-08-26 13:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 08:10 . 2009-07-27 08:10 25158 ----a-w- c:\users\Tally\cc_20090727_091030.reg
2001-09-28 17:00 . 2008-09-22 22:30 243200 ----a-w- c:\program files\UNWISE.EXE
2009-10-11 20:02 . 2009-10-11 20:02 149344 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-10-11 20:02 . 2009-10-11 20:02 276320 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2008-05-04 19:55 . 2008-02-17 08:40 120 --sha-w- c:\windows\S20D6ED6C(77).tmp
2008-05-04 19:55 . 2008-02-17 08:40 120 --sh--w- c:\windows\S20D6ED6C.tmp
2008-02-21 19:51 . 2008-02-21 19:06 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-02-21 19:51 . 2008-02-21 19:06 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-01-25 10:45 . 2009-01-25 10:45 23 --sha-w- c:\windows\System32\bbdfeaaceaa_z.dll
2009-01-25 10:29 . 2009-01-25 10:29 23 --sha-w- c:\windows\System32\bddc_z.dll
2008-02-21 08:33 . 2008-02-21 08:33 23 --sha-w- c:\windows\System32\ebaaee_r.dll
2006-05-03 10:06 . 2008-03-26 13:57 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2008-03-26 13:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-03-26 13:57 27648 --sha-w- c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-05-08 1003520]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-18 160592]
"NetMeter"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13535776]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2007-2-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck PDBoot.exeautocheck PDBoot.exeautocheck autochk *autocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSOODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{5D09E0E7-B3E8-4A61-ACED-F1A89CACBA16}
"HP Software Update Client"=c:\program files\HP\HP Software Update\HPWUCli.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EasyTuneV"=c:\program files\Gigabyte\ET5\ETcall.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:36,57,fe,cf,cc,de,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-638123338-1822242044-3064731778-1000]
"EnableNotificationsRef"=dword:00000002

R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [24/10/2008 07:53 293632]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [31/07/2009 22:28 206256]
R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [30/05/2009 08:55 136744]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [20/05/2008 22:39 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 15:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 15:07 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [26/06/2008 10:26 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/08/2009 14:41 108289]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [06/10/2008 09:12 211456]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe [19/10/2008 08:46 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/04/2009 22:07 1153368]
R2 SymAFR;SymAFR;c:\windows\System32\drivers\SymAFR.sys [23/10/2008 20:45 15408]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [19/08/2009 16:37 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [01/08/2009 14:50 604488]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [15/03/2009 22:16 30152]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [17/04/2008 01:34 120472]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [22/02/2007 19:53 2217416]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 gupdate1c99d18f856ec13;Google Update Service (gupdate1c99d18f856ec13);c:\program files\Google\Update\GoogleUpdate.exe [04/03/2009 23:31 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [11/02/2009 09:27 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [16/01/2008 09:59 62464]
S3 MBQDQK;MBQDQK; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [31/07/2009 22:28 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 15:07 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [31/07/2009 22:28 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 22:31]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 22:31]

2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{5CF6F0F4-A371-46CA-A6D8-81A18C58F19A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\NewzCrawler\News.exe
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
FF - ProfilePath - c:\users\Tally\AppData\Roaming\Mozilla\Firefox\Profiles\wlfalu9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
FF - component: c:\users\Tally\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 15:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD0.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Bike Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,e4,09,00,00,01,00,00,00,11,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,79,bd,d7,20,00,41,42,55,53,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Bookmarks Toolbar Folder]
"Order"=hex:08,00,00,00,02,00,00,00,00,0d,00,00,01,00,00,00,19,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,74,93,b3,20,00,41,4f,4c,20,45,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Broadband speed testers]
"Order"=hex:08,00,00,00,02,00,00,00,b0,02,00,00,01,00,00,00,05,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,c0,50,1f,20,00,42,54,20,53,70,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Broadband speed testers & Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,48,03,00,00,01,00,00,00,06,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,f6,4b,e1,20,00,42,54,20,53,70,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Desktop Wallpapers]
"Order"=hex:08,00,00,00,02,00,00,00,1e,04,00,00,01,00,00,00,07,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,1e,29,57,20,00,44,65,73,6b,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Disposible Email Address Sites]
"Order"=hex:08,00,00,00,02,00,00,00,9a,01,00,00,01,00,00,00,02,00,00,00,de,00,
00,00,00,00,00,00,d0,00,32,00,b0,00,00,00,3e,3b,6f,35,20,20,47,75,65,72,72,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \DVD, CD & Games]
"Order"=hex:08,00,00,00,02,00,00,00,9e,0f,00,00,01,00,00,00,1a,00,00,00,74,00,
00,00,00,00,00,00,66,00,31,00,00,00,00,00,9e,3a,d0,a8,10,20,4d,75,73,69,63,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \DVD, CD & Games\Music Searching]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,68,00,
00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,61,01,c6,20,00,44,69,73,63,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer]
"Order"=hex:08,00,00,00,02,00,00,00,2a,73,00,00,01,00,00,00,c6,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,88,3e,d2,10,00,42,69,6b,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Bike Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,e4,09,00,00,01,00,00,00,11,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,1e,e2,d7,20,00,41,42,55,53,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Desktop Wallpapers]
"Order"=hex:08,00,00,00,02,00,00,00,ba,04,00,00,01,00,00,00,08,00,00,00,9c,00,
00,00,07,00,00,00,8e,00,32,00,cd,00,00,00,00,5c,0a,21,20,00,44,65,73,6b,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Disposible Email Sites]
"Order"=hex:08,00,00,00,02,00,00,00,c4,01,00,00,01,00,00,00,02,00,00,00,de,00,
00,00,01,00,00,00,d0,00,32,00,cd,00,00,00,00,7f,7f,ed,20,00,47,75,65,72,72,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\DVD, CD & Games]
"Order"=hex:08,00,00,00,02,00,00,00,9e,0f,00,00,01,00,00,00,1a,00,00,00,74,00,
00,00,17,00,00,00,66,00,31,00,00,00,00,00,00,ee,0b,8f,10,00,4d,75,73,69,63,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\DVD, CD & Games\Music Searching]
"Order"=hex:08,00,00,00,02,00,00,00,e6,01,00,00,01,00,00,00,02,00,00,00,38,01,
00,00,01,00,00,00,2a,01,32,00,cd,00,00,00,00,a5,87,ed,20,00,44,69,73,63,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping]
"Order"=hex:08,00,00,00,02,00,00,00,ec,13,00,00,01,00,00,00,1d,00,00,00,72,00,
00,00,00,00,00,00,64,00,31,00,00,00,00,00,00,8d,34,3f,10,00,42,6c,61,6e,6b,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Blank CDs DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,ba,07,00,00,01,00,00,00,0d,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,69,1b,41,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Blank CDs, DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,24,08,00,00,01,00,00,00,0e,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,12,63,f3,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Ink Cartridges]
"Order"=hex:08,00,00,00,02,00,00,00,e4,06,00,00,01,00,00,00,0b,00,00,00,a8,00,
00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,a0,e9,e6,20,00,41,6d,61,7a,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\PC & Camera Accessory Shops etc]
"Order"=hex:08,00,00,00,02,00,00,00,c0,10,00,00,01,00,00,00,19,00,00,00,c6,00,
00,00,00,00,00,00,b8,00,32,00,cd,00,00,00,00,2d,55,3a,20,00,31,6d,6f,72,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Leannes Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a0,02,00,00,01,00,00,00,05,00,00,00,72,00,
00,00,01,00,00,00,64,00,32,00,cd,00,00,00,00,2c,bb,0e,20,00,44,6f,67,73,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,e0,99,39,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,d2,c6,47,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Old Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,6a,04,00,00,01,00,00,00,07,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,cd,00,00,00,00,ed,31,93,20,00,32,30,74,68,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Old TV Program Sites]
"Order"=hex:08,00,00,00,02,00,00,00,ce,03,00,00,01,00,00,00,06,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,8c,d8,0b,20,00,47,72,61,6e,67,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\PC Info & Computer Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,06,1a,00,00,01,00,00,00,2b,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,2e,8e,84,20,00,37,36,20,57,61,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Playstation 3 & DS Lite]
"Order"=hex:08,00,00,00,02,00,00,00,ca,06,00,00,01,00,00,00,0a,00,00,00,a4,00,
00,00,08,00,00,00,96,00,32,00,cd,00,00,00,00,1f,51,7c,20,00,43,48,45,41,54,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Ringtones Phone Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,c4,0b,00,00,01,00,00,00,0f,00,00,00,38,01,
00,00,00,00,00,00,2a,01,32,00,cd,00,00,00,00,6f,2c,ea,20,00,43,65,6c,6c,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Security Software]
"Order"=hex:08,00,00,00,02,00,00,00,16,02,00,00,01,00,00,00,03,00,00,00,a2,00,
00,00,00,00,00,00,94,00,32,00,cd,00,00,00,00,68,a6,1e,20,00,42,69,74,44,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping]
"Order"=hex:08,00,00,00,02,00,00,00,f6,12,00,00,01,00,00,00,1b,00,00,00,74,00,
00,00,00,00,00,00,66,00,31,00,00,00,00,00,9e,3a,d0,a8,10,20,42,6c,61,6e,6b,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\Blank CDs, DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,20,08,00,00,01,00,00,00,0e,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,11,09,c1,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\Ink Cartridges]
"Order"=hex:08,00,00,00,02,00,00,00,e4,06,00,00,01,00,00,00,0b,00,00,00,a8,00,
00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,26,9a,70,20,00,41,6d,61,7a,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\PC & Camera Accessory Shops etc]
"Order"=hex:08,00,00,00,02,00,00,00,18,10,00,00,01,00,00,00,18,00,00,00,c6,00,
00,00,00,00,00,00,b8,00,32,00,cd,00,00,00,00,fa,4f,cd,20,00,31,6d,6f,72,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Leannes Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a0,02,00,00,01,00,00,00,05,00,00,00,72,00,
00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,c8,3c,26,20,00,44,6f,67,73,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Links]
"Order"=hex:08,00,00,00,02,00,00,00,ea,14,00,00,01,00,00,00,2b,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,17,75,f4,20,00,41,4f,4c,20,45,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Microsoft Websites]
"Order"=hex:08,00,00,00,02,00,00,00,24,03,00,00,01,00,00,00,06,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,c3,c4,49,20,00,49,45,20,41,64,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \MSN Websites]
"Order"=hex:08,00,00,00,02,00,00,00,ae,02,00,00,01,00,00,00,06,00,00,00,5c,00,
00,00,04,00,00,00,4e,00,32,00,cd,00,00,00,00,15,aa,5c,20,00,4d,53,4e,2e,75,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,6c,e6,b0,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Old Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,6a,04,00,00,01,00,00,00,07,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,cd,00,00,00,00,be,46,93,20,00,32,30,74,68,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Old TV Program Sites]
"Order"=hex:08,00,00,00,02,00,00,00,ce,03,00,00,01,00,00,00,06,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,47,43,0e,20,00,47,72,61,6e,67,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \PC Info & Computer Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,34,19,00,00,01,00,00,00,2a,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,6a,6f,94,20,00,37,36,20,57,61,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Playstation 3 & DS Lite]
"Order"=hex:08,00,00,00,02,00,00,00,66,07,00,00,01,00,00,00,0b,00,00,00,a4,00,
00,00,05,00,00,00,96,00,32,00,cd,00,00,00,00,94,31,cf,20,00,43,48,45,41,54,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Ringtones Phone Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,0e,0b,00,00,01,00,00,00,0e,00,00,00,38,01,
00,00,00,00,00,00,2a,01,32,00,cd,00,00,00,00,fe,ad,7c,20,00,43,65,6c,6c,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Security Software]
"Order"=hex:08,00,00,00,02,00,00,00,16,02,00,00,01,00,00,00,03,00,00,00,a2,00,
00,00,00,00,00,00,94,00,32,00,cd,00,00,00,00,d5,33,cd,20,00,42,69,74,44,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Windows Live]
"Order"=hex:08,00,00,00,02,00,00,00,32,02,00,00,01,00,00,00,04,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,b9,4a,bb,20,00,47,65,74,20,57,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):08,eb,e5,a5,d6,18,c8,2e,c2,9d,43,4a,37,f8,95,cb,c6,54,86,6a,4d,
95,af,27,d7,61,6a,5c,a8,12,9d,d7,7a,69,d0,61,b1,b3,be,12,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000_Classes\CLSID\{b97d7b0b-e2ae-48e5-a436-cb208140e0de}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007d
"Therad"=dword:00000014
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,74,2c,31,ae,81,3f,2a,55,57,fe,fe,cd,92,73,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{38119b75-bbac-4053-bc45-60afafc22822}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:08020054
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6c699874-32a1-49a9-b308-f678e8eb0b24}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a186746b-87d2-4209-81d8-3e684e130f2e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f000a3a
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{da33a5cd-09fe-4b0d-9933-277b9c8a4596}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a4d
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ee7ca0e6-e377-4523-a2b3-257de88ade5c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\relog_ap.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-10-20 14:40

Pre-Run: 308,547,059,712 bytes free
Post-Run: 308,552,007,680 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,19
- - End Of File - - 3B28D7BBD0B793947068C9B449B91BE9








Here is the DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Tally at 16:02:33.32 on 20/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.2104 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1043 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Content Transfer\ContentTransfer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Windows\system32\Symconsent.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tally\Desktop\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [NetMeter] c:\program files\netmeter\NetMeter.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /ns
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bluetooth.lnk - c:\program files\belkin\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\newzcrawler\News.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\users\tally\appdata\roaming\mozilla\firefox\profiles\wlfalu9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\components\FFSource.dll
FF - component: c:\users\tally\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-31 206256]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-5-30 136744]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-5-20 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-6-26 141312]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd0.fcl [2007-11-3 41456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-26 108289]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2008-10-6 211456]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business xii.sp2c\RpcAgentSrv.exe [2008-10-19 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-12 1153368]
R2 SymAFR;SymAFR;c:\windows\system32\drivers\SymAFR.sys [2008-10-23 15408]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-19 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-1 604488]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-15 30152]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-4-17 120472]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S2 gupdate1c99d18f856ec13;Google Update Service (gupdate1c99d18f856ec13);c:\program files\google\update\GoogleUpdate.exe [2009-3-4 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-11 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-1-16 62464]
S3 MBQDQK;MBQDQK; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-7-31 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-31 348752]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-20 15:30 236,544 a------- c:\windows\PEV.exe
2009-10-20 15:30 161,792 a------- c:\windows\SWREG.exe
2009-10-20 15:30 98,816 a------- c:\windows\sed.exe
2009-10-20 15:30 <DIR> --d----- C:\ComboFix
2009-10-13 22:17 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 22:17 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 07:13 69 a------- c:\windows\NeroDigital.ini
2009-10-10 23:18 <DIR> --d----- c:\users\tally\.get_iplayer
2009-10-10 22:48 <DIR> --d----- c:\programdata\Sky
2009-10-10 22:48 <DIR> --d----- c:\program files\Sky
2009-10-10 22:48 <DIR> --d----- c:\progra~2\Sky
2009-10-10 22:14 <DIR> --d----- c:\program files\FLVCodec
2009-10-10 22:14 <DIR> --d----- c:\program files\WinPcap
2009-10-10 22:14 <DIR> --d----- c:\program files\RipTiger
2009-10-10 22:13 <DIR> --d----- c:\users\tally\appdata\roaming\GetRightToGo
2009-10-10 17:36 640,512 a------- c:\windows\system32\gfbaksm.dat
2009-10-10 17:35 640,512 a------- c:\windows\system32\gfkernel.dll
2009-10-10 17:34 <DIR> --d----- c:\program files\GetFLV
2009-10-07 11:05 232,712 a------- c:\windows\system32\PDBoot.exe
2009-09-30 22:11 <DIR> --d----- c:\program files\VirtualDJ
2009-09-30 14:10 <DIR> --d----- c:\program files\Tracker Software
2009-09-30 14:08 <DIR> --d----- c:\users\tally\appdata\roaming\Foxit
2009-09-30 14:07 <DIR> --d----- c:\program files\Foxit Software
2009-09-30 13:59 <DIR> --d--r-- c:\users\tally\CD & DVD Covers
2009-09-30 13:50 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 08:22 <DIR> --d----- c:\program files\iPod

==================== Find3M ====================

2009-10-19 22:15 6,530 a------- c:\users\tally\appdata\roaming\wklnhst.dat
2009-10-15 20:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-15 20:34 86,016 a------- c:\windows\inf\infpub.dat
2009-09-14 09:32 143,360 a------- c:\windows\inf\infstor.dat
2009-09-09 11:43 210,352 a------- c:\windows\system32\idmmbc.dll
2009-09-05 08:26 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-05 08:26 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-02 17:58 14,656 a------- c:\windows\gdrv.sys
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 01:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 01:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-01 14:50 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-08-01 14:50 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 09:10 25,158 a------- c:\users\tally\cc_20090727_091030.reg
2009-05-27 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 09:38 174 a--sh--- c:\program files\desktop.ini
2008-03-07 09:13 47,360 a------- c:\users\tally\appdata\roaming\pcouffin.sys
2008-02-19 00:36 87,608 a------- c:\users\tally\appdata\roaming\ezpinst.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib00\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib00\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib00\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib00\perfc.dat
2006-04-12 11:13 12,640 a------- c:\users\tally\Passwords.dat
2001-09-28 18:00 243,200 a------- c:\program files\UNWISE.EXE
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 09:15 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-25 11:45 23 a--sh--- c:\windows\system32\bbdfeaaceaa_z.dll
2009-01-25 11:29 23 a--sh--- c:\windows\system32\bddc_z.dll
2008-02-21 09:33 23 a--sh--- c:\windows\system32\ebaaee_r.dll
2006-05-03 11:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 14:43 27,648 a--sh--- c:\windows\system32\Smab0.dll

============= FINISH: 16:03:02.79 ===============

Hi,



Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Upload these files to http://www.virustotal.com and post back the results:
c:\windows\System32\bbdfeaaceaa_z.dll
c:\windows\System32\bddc_z.dll
c:\windows\System32\ebaaee_r.dll

Thanks Blade81 for the help its appreciated.

I have done as you mentioned above about showing hidden files, I have looked in the locations that you mentioned above, but there are no files with those names. I have even searched the whole computer for them, but there were none found.

Hi,

Ok. We'll see if those files are gone or if they're hiding deeper

Uninstall NetMeter.


Open notepad and copy/paste the text in the quotebox below into it:




Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Uninstall this vulnerable Java:
J2SE Runtime Environment 5.0 Update 7


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here to run an online scanner from ESET.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Thanks immensely for the help :)

I Installed Adobe reader 9.2
I Installed Adobe shockwave player
My Flash was up to date
I uninstalled the J2SE Runtime Enviroment 5.0 Update 7



Here is the result of the ESET scanner:

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=caf6a214efa59545af241716a58cbec7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-21 07:38:17
# local_time=2009-10-21 08:38:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 61 100 100 30182779452
# compatibility_mode=5889 61 66 100 553823785850960
# compatibility_mode=7937 61 100 100 416382912872118
# scanned=18168
# found=0
# cleaned=0
# scan_time=401
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=caf6a214efa59545af241716a58cbec7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-21 07:43:32
# local_time=2009-10-21 08:43:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 61 100 100 33336406482
# compatibility_mode=5889 61 66 100 553826939477990
# compatibility_mode=7937 61 100 100 416386066499148
# scanned=18168
# found=0
# cleaned=0
# scan_time=278






Here is the results of the Combofix log:

ComboFix 09-10-19.02 - Tally 21/10/2009 8:48.2.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.2107 [GMT 1:00]
Running from: c:\users\Tally\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Tally\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1043 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

file zipped: c:\windows\System32\bbdfeaaceaa_z.dll
file zipped: c:\windows\System32\bddc_z.dll
file zipped: c:\windows\System32\ebaaee_r.dll
.
ADS - Windows: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NetMeter
c:\program files\NetMeter\NetMeter.exe
c:\program files\NetMeter\NetMeter.tlg
c:\windows\System32\bbdfeaaceaa_z.dll
c:\windows\System32\bddc_z.dll
c:\windows\System32\ebaaee_r.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MBQDQK


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 07:55 . 2009-10-21 07:55 -------- d-----w- c:\users\Leanne\AppData\Local\temp
2009-10-21 07:55 . 2009-10-21 07:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-21 07:27 . 2009-10-21 07:27 -------- d-----w- c:\windows\system32\Adobe
2009-10-13 21:17 . 2009-10-13 21:17 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-10 22:18 . 2009-10-10 22:18 -------- d-----w- c:\users\Tally\.get_iplayer
2009-10-10 21:48 . 2009-10-10 21:48 -------- d-----w- c:\programdata\Sky
2009-10-10 21:48 . 2009-10-10 21:48 -------- d-----w- c:\program files\Sky
2009-10-10 21:14 . 2009-10-10 21:14 -------- d-----w- c:\program files\FLVCodec
2009-10-10 21:14 . 2009-10-10 21:14 -------- d-----w- c:\program files\WinPcap
2009-10-10 21:14 . 2009-10-10 21:32 -------- d-----w- c:\program files\RipTiger
2009-10-10 21:13 . 2009-10-10 21:14 -------- d-----w- c:\users\Tally\AppData\Roaming\GetRightToGo
2009-10-10 16:36 . 2009-10-10 16:37 640512 ----a-w- c:\windows\system32\gfbaksm.dat
2009-10-10 16:35 . 2009-10-10 16:37 640512 ----a-w- c:\windows\system32\gfkernel.dll
2009-10-10 16:34 . 2009-10-10 16:36 -------- d-----w- c:\program files\GetFLV
2009-10-07 10:05 . 2009-10-07 10:05 232712 ----a-w- c:\windows\system32\PDBoot.exe
2009-09-30 21:11 . 2009-09-30 21:39 -------- d-----w- c:\program files\VirtualDJ
2009-09-30 13:10 . 2009-09-30 13:10 -------- d-----w- c:\program files\Tracker Software
2009-09-30 13:08 . 2009-09-30 13:08 -------- d-----w- c:\users\Tally\AppData\Roaming\Foxit
2009-09-30 13:07 . 2009-09-30 13:07 -------- d-----w- c:\program files\Foxit Software
2009-09-30 12:59 . 2009-10-14 07:27 -------- d-----r- c:\users\Tally\CD & DVD Covers
2009-09-30 12:57 . 2009-09-30 12:58 -------- d-----w- c:\users\Tally\AppData\Roaming\Apple Computer
2009-09-30 12:50 . 2009-09-30 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 07:22 . 2009-09-30 07:22 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 07:55 . 2008-02-17 23:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-21 07:38 . 2008-03-18 08:24 -------- d-----w- c:\users\Tally\AppData\Roaming\MailWasherPro
2009-10-21 07:25 . 2008-02-17 23:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 07:12 . 2008-05-28 20:54 -------- d-----w- c:\program files\Java
2009-10-19 22:48 . 2008-02-17 23:21 -------- d-----w- c:\users\Tally\AppData\Roaming\Vso
2009-10-19 22:16 . 2008-02-17 09:47 -------- d-----w- c:\users\Tally\AppData\Roaming\DMCache
2009-10-19 21:15 . 2008-02-18 22:42 6530 ----a-w- c:\users\Tally\AppData\Roaming\wklnhst.dat
2009-10-19 15:12 . 2008-12-09 08:05 -------- d-----w- c:\program files\PeerGuardian2
2009-10-19 15:12 . 2008-12-04 11:39 -------- d-----w- c:\users\Tally\AppData\Roaming\uTorrent
2009-10-17 12:24 . 2009-07-31 21:28 -------- d-----w- c:\program files\Spyware Doctor
2009-10-16 14:48 . 2008-02-17 21:21 -------- d-----w- c:\programdata\Lavasoft
2009-10-16 14:47 . 2008-03-05 19:11 -------- d-----w- c:\program files\MSECACHE
2009-10-15 20:24 . 2009-05-11 22:18 -------- d-----w- c:\users\Tally\AppData\Roaming\Spotify
2009-10-13 21:14 . 2008-02-15 17:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 08:56 . 2008-02-18 22:57 -------- d-----w- c:\program files\Google
2009-10-01 20:11 . 2008-05-20 21:31 -------- d-----w- c:\programdata\iolo
2009-10-01 20:05 . 2008-05-20 21:31 -------- d-----w- c:\users\Tally\AppData\Roaming\iolo
2009-09-30 22:13 . 2008-02-15 12:58 112904 ----a-w- c:\users\Tally\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-30 12:49 . 2009-06-25 08:52 -------- d-----w- c:\program files\IEPro
2009-09-30 07:23 . 2009-04-22 07:42 -------- d-----w- c:\program files\iTunes
2009-09-30 07:22 . 2008-02-18 23:00 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 21:00 . 2008-06-30 09:26 -------- d-----w- c:\program files\TagRename
2009-09-17 20:53 . 2009-07-19 22:28 -------- d-----w- c:\program files\Mp3tag
2009-09-14 22:28 . 2009-09-14 22:28 -------- d-----w- c:\program files\FireTrust
2009-09-14 08:38 . 2008-02-18 21:04 -------- d-----w- c:\program files\Sony Ericsson
2009-09-14 08:34 . 2008-02-15 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 08:14 . 2008-06-04 09:49 -------- d-----w- c:\programdata\Sony Ericsson
2009-09-14 07:58 . 2008-06-05 22:14 -------- d-----w- c:\users\Tally\AppData\Roaming\Sony
2009-09-14 07:54 . 2009-09-13 23:40 -------- d-----w- c:\program files\Chris Stroud
2009-09-12 12:30 . 2008-02-18 23:00 -------- d-----w- c:\programdata\Apple
2009-09-11 21:39 . 2008-02-16 23:33 -------- d-----w- c:\program files\Password Safe
2009-09-11 07:46 . 2009-09-11 07:46 -------- d-----w- c:\program files\##nospam Configuration Utility
2009-09-11 07:45 . 2009-09-11 07:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 07:44 . 2009-01-18 20:55 -------- d-----w- c:\program files\QuickTime
2009-09-10 22:47 . 2009-04-23 19:12 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 22:47 . 2008-04-13 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 22:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 22:41 . 2008-02-15 21:49 -------- d-----w- c:\programdata\Microsoft Help
2009-09-10 20:49 . 2008-07-22 08:44 -------- d-----w- c:\users\Tally\AppData\Roaming\Ashampoo
2009-09-09 10:43 . 2009-09-09 09:52 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-05 10:28 . 2009-09-05 10:28 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-09-05 07:26 . 2009-07-31 21:28 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-05 07:26 . 2009-09-05 07:26 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-02 16:58 . 2008-02-15 13:18 14656 ----a-w- c:\windows\gdrv.sys
2009-09-01 18:28 . 2009-09-01 18:28 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-09-01 18:28 . 2009-09-01 18:28 -------- d-----w- c:\program files\Coupon Printer
2009-08-30 21:01 . 2009-08-30 21:01 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-08-30 19:41 . 2009-08-30 19:41 -------- d-----w- c:\programdata\TomTom
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\users\Tally\AppData\Roaming\TomTom
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\program files\TomTom International B.V
2009-08-30 19:38 . 2009-08-30 19:38 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-29 14:40 . 2009-06-09 07:34 -------- d-----w- c:\program files\FCleaner
2009-08-29 00:27 . 2009-09-02 07:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 07:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 13:41 . 2009-08-26 13:41 -------- d-----w- c:\program files\Avira
2009-08-26 13:41 . 2008-06-22 06:47 -------- d-----w- c:\programdata\Avira
2009-08-25 23:18 . 2009-08-25 23:13 -------- d-----w- c:\users\Tally\AppData\Roaming\NetMeter
2009-08-25 23:03 . 2009-08-25 23:03 -------- d-----w- c:\users\Tally\AppData\Roaming\USBSafelyRemove
2009-08-25 23:00 . 2009-08-25 23:00 -------- d-----w- c:\programdata\USBSRService
2009-08-25 21:58 . 2009-08-25 21:58 -------- d-----w- c:\program files\Alwil Software
2009-08-20 10:11 . 2009-08-20 10:11 73232 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2009-08-14 16:27 . 2009-09-10 22:40 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 22:40 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 22:40 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 22:40 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 22:40 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 22:40 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 22:40 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 22:40 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 22:40 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 22:40 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 22:40 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-08-01 13:50 . 2009-08-01 13:50 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-01 13:50 . 2009-08-01 13:50 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-28 15:33 . 2009-08-26 13:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 08:10 . 2009-07-27 08:10 25158 ----a-w- c:\users\Tally\cc_20090727_091030.reg
2001-09-28 17:00 . 2008-09-22 22:30 243200 ----a-w- c:\program files\UNWISE.EXE
2009-10-11 20:02 . 2009-10-11 20:02 149344 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-10-11 20:02 . 2009-10-11 20:02 276320 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2008-05-04 19:55 . 2008-02-17 08:40 120 --sha-w- c:\windows\S20D6ED6C(77).tmp
2008-05-04 19:55 . 2008-02-17 08:40 120 --sh--w- c:\windows\S20D6ED6C.tmp
2008-02-21 19:51 . 2008-02-21 19:06 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-02-21 19:51 . 2008-02-21 19:06 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2006-05-03 10:06 . 2008-03-26 13:57 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2008-03-26 13:57 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-03-26 13:57 27648 --sha-w- c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_14.39.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-15 13:11 . 2009-10-20 06:49 97150 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-02-15 13:11 . 2009-10-21 07:07 97150 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-02-15 12:59 . 2009-10-21 07:07 20384 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-638123338-1822242044-3064731778-1000_UserData.bin
+ 2009-10-21 07:26 . 2009-10-21 07:26 85173 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2006-11-02 13:00 . 2009-10-21 07:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-10-20 06:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-10-21 07:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-10-20 06:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-21 07:27 . 2009-10-21 07:27 87617 c:\windows\System32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
- 2008-08-04 21:39 . 2009-10-17 11:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-04 21:39 . 2009-10-21 07:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-04 21:39 . 2009-10-17 11:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 21:39 . 2009-10-21 07:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 21:39 . 2009-10-17 11:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-04 21:39 . 2009-10-21 07:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-02-16 09:35 . 2009-10-20 17:36 355304 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 13:03 . 2009-10-21 07:07 131890 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-10-21 07:09 602846 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-20 06:51 602846 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-20 06:51 106292 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-21 07:09 106292 c:\windows\System32\perfc009.dat
+ 2009-03-28 09:16 . 2009-10-21 07:03 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-28 09:16 . 2009-10-20 06:47 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-21 07:10 . 2009-10-21 07:10 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2006-11-02 13:00 . 2009-10-20 06:47 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-10-21 07:21 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\System32\Adobe\Shockwave 11\gi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\System32\Adobe\Shockwave 11\Control.dll
+ 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\System32\Adobe\Director\SwDir.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\System32\Adobe\Director\np32dsw.dll
+ 2008-04-10 08:20 . 2008-04-10 08:20 638976 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0\AdobeLinguistic.dll
+ 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\System32\Adobe\Shockwave 11\gt.exe
+ 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2009-10-21 07:25 . 2009-10-21 07:25 3940352 c:\windows\Installer\142ccf.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-05-08 1003520]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-18 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13535776]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2007-2-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck PDBoot.exeautocheck PDBoot.exeautocheck autochk *autocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBSautocheck OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{5D09E0E7-B3E8-4A61-ACED-F1A89CACBA16}
"HP Software Update Client"=c:\program files\HP\HP Software Update\HPWUCli.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EasyTuneV"=c:\program files\Gigabyte\ET5\ETcall.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):36,57,fe,cf,cc,de,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-638123338-1822242044-3064731778-1000]
"EnableNotificationsRef"=dword:00000002

R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [24/10/2008 07:53 293632]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [31/07/2009 22:28 206256]
R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [30/05/2009 08:55 136744]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [20/05/2008 22:39 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 15:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 15:07 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [26/06/2008 10:26 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/08/2009 14:41 108289]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [06/10/2008 09:12 211456]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe [19/10/2008 08:46 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/04/2009 22:07 1153368]
R2 SymAFR;SymAFR;c:\windows\System32\drivers\SymAFR.sys [23/10/2008 20:45 15408]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [19/08/2009 16:37 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [01/08/2009 14:50 604488]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [15/03/2009 22:16 30152]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [17/04/2008 01:34 120472]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [22/02/2007 19:53 2217416]
S2 gupdate1c99d18f856ec13;Google Update Service (gupdate1c99d18f856ec13);c:\program files\Google\Update\GoogleUpdate.exe [04/03/2009 23:31 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [11/02/2009 09:27 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [16/01/2008 09:59 62464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [31/07/2009 22:28 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 15:07 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [31/07/2009 22:28 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 22:31]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 22:31]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{5CF6F0F4-A371-46CA-A6D8-81A18C58F19A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\NewzCrawler\News.exe
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
FF - ProfilePath - c:\users\Tally\AppData\Roaming\Mozilla\Firefox\Profiles\wlfalu9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
FF - component: c:\users\Tally\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 09:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD�0.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Bike Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,e4,09,00,00,01,00,00,00,11,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,79,bd,d7,20,00,41,42,55,53,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Bookmarks Toolbar Folder]
"Order"=hex:08,00,00,00,02,00,00,00,00,0d,00,00,01,00,00,00,19,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,74,93,b3,20,00,41,4f,4c,20,45,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Broadband speed testers]
"Order"=hex:08,00,00,00,02,00,00,00,b0,02,00,00,01,00,00,00,05,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,c0,50,1f,20,00,42,54,20,53,70,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Broadband speed testers & Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,48,03,00,00,01,00,00,00,06,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,f6,4b,e1,20,00,42,54,20,53,70,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Desktop Wallpapers]
"Order"=hex:08,00,00,00,02,00,00,00,1e,04,00,00,01,00,00,00,07,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,1e,29,57,20,00,44,65,73,6b,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Disposible Email Address Sites]
"Order"=hex:08,00,00,00,02,00,00,00,9a,01,00,00,01,00,00,00,02,00,00,00,de,00,
00,00,00,00,00,00,d0,00,32,00,b0,00,00,00,3e,3b,6f,35,20,20,47,75,65,72,72,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \DVD, CD & Games]
"Order"=hex:08,00,00,00,02,00,00,00,9e,0f,00,00,01,00,00,00,1a,00,00,00,74,00,
00,00,00,00,00,00,66,00,31,00,00,00,00,00,9e,3a,d0,a8,10,20,4d,75,73,69,63,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \DVD, CD & Games\Music Searching]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,68,00,
00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,61,01,c6,20,00,44,69,73,63,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer]
"Order"=hex:08,00,00,00,02,00,00,00,2a,73,00,00,01,00,00,00,c6,00,00,00,66,00,
00,00,00,00,00,00,58,00,31,00,00,00,00,00,00,88,3e,d2,10,00,42,69,6b,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Bike Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,e4,09,00,00,01,00,00,00,11,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,1e,e2,d7,20,00,41,42,55,53,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Desktop Wallpapers]
"Order"=hex:08,00,00,00,02,00,00,00,ba,04,00,00,01,00,00,00,08,00,00,00,9c,00,
00,00,07,00,00,00,8e,00,32,00,cd,00,00,00,00,5c,0a,21,20,00,44,65,73,6b,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Disposible Email Sites]
"Order"=hex:08,00,00,00,02,00,00,00,c4,01,00,00,01,00,00,00,02,00,00,00,de,00,
00,00,01,00,00,00,d0,00,32,00,cd,00,00,00,00,7f,7f,ed,20,00,47,75,65,72,72,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\DVD, CD & Games]
"Order"=hex:08,00,00,00,02,00,00,00,9e,0f,00,00,01,00,00,00,1a,00,00,00,74,00,
00,00,17,00,00,00,66,00,31,00,00,00,00,00,00,ee,0b,8f,10,00,4d,75,73,69,63,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\DVD, CD & Games\Music Searching]
"Order"=hex:08,00,00,00,02,00,00,00,e6,01,00,00,01,00,00,00,02,00,00,00,38,01,
00,00,01,00,00,00,2a,01,32,00,cd,00,00,00,00,a5,87,ed,20,00,44,69,73,63,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping]
"Order"=hex:08,00,00,00,02,00,00,00,ec,13,00,00,01,00,00,00,1d,00,00,00,72,00,
00,00,00,00,00,00,64,00,31,00,00,00,00,00,00,8d,34,3f,10,00,42,6c,61,6e,6b,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Blank CDs DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,ba,07,00,00,01,00,00,00,0d,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,69,1b,41,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Blank CDs, DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,24,08,00,00,01,00,00,00,0e,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,12,63,f3,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\Ink Cartridges]
"Order"=hex:08,00,00,00,02,00,00,00,e4,06,00,00,01,00,00,00,0b,00,00,00,a8,00,
00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,a0,e9,e6,20,00,41,6d,61,7a,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Home Shopping\PC & Camera Accessory Shops etc]
"Order"=hex:08,00,00,00,02,00,00,00,c0,10,00,00,01,00,00,00,19,00,00,00,c6,00,
00,00,00,00,00,00,b8,00,32,00,cd,00,00,00,00,2d,55,3a,20,00,31,6d,6f,72,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Leannes Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a0,02,00,00,01,00,00,00,05,00,00,00,72,00,
00,00,01,00,00,00,64,00,32,00,cd,00,00,00,00,2c,bb,0e,20,00,44,6f,67,73,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,e0,99,39,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,d2,c6,47,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Old Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,6a,04,00,00,01,00,00,00,07,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,cd,00,00,00,00,ed,31,93,20,00,32,30,74,68,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Old TV Program Sites]
"Order"=hex:08,00,00,00,02,00,00,00,ce,03,00,00,01,00,00,00,06,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,8c,d8,0b,20,00,47,72,61,6e,67,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\PC Info & Computer Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,06,1a,00,00,01,00,00,00,2b,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,2e,8e,84,20,00,37,36,20,57,61,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Playstation 3 & DS Lite]
"Order"=hex:08,00,00,00,02,00,00,00,ca,06,00,00,01,00,00,00,0a,00,00,00,a4,00,
00,00,08,00,00,00,96,00,32,00,cd,00,00,00,00,1f,51,7c,20,00,43,48,45,41,54,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Ringtones Phone Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,c4,0b,00,00,01,00,00,00,0f,00,00,00,38,01,
00,00,00,00,00,00,2a,01,32,00,cd,00,00,00,00,6f,2c,ea,20,00,43,65,6c,6c,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Security Software]
"Order"=hex:08,00,00,00,02,00,00,00,16,02,00,00,01,00,00,00,03,00,00,00,a2,00,
00,00,00,00,00,00,94,00,32,00,cd,00,00,00,00,68,a6,1e,20,00,42,69,74,44,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Sick Stuff & Funnies]
"Order"=hex:08,00,00,00,02,00,00,00,ac,0b,00,00,01,00,00,00,12,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,a5,79,c2,20,00,41,20,62,69,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \From Internet Explorer\Torrents,file sharing downloads Avater,CD DVD covers]
"Order"=hex:08,00,00,00,02,00,00,00,80,11,00,00,01,00,00,00,1d,00,00,00,74,00,
00,00,16,00,00,00,66,00,32,00,cd,00,00,00,00,e9,02,4f,20,00,41,6c,6c,43,44,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping]
"Order"=hex:08,00,00,00,02,00,00,00,f6,12,00,00,01,00,00,00,1b,00,00,00,74,00,
00,00,00,00,00,00,66,00,31,00,00,00,00,00,9e,3a,d0,a8,10,20,42,6c,61,6e,6b,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\Blank CDs, DVDs]
"Order"=hex:08,00,00,00,02,00,00,00,20,08,00,00,01,00,00,00,0e,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,11,09,c1,20,00,42,69,67,50,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\Ink Cartridges]
"Order"=hex:08,00,00,00,02,00,00,00,e4,06,00,00,01,00,00,00,0b,00,00,00,a8,00,
00,00,00,00,00,00,9a,00,32,00,cd,00,00,00,00,26,9a,70,20,00,41,6d,61,7a,6f,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Home Shopping\PC & Camera Accessory Shops etc]
"Order"=hex:08,00,00,00,02,00,00,00,18,10,00,00,01,00,00,00,18,00,00,00,c6,00,
00,00,00,00,00,00,b8,00,32,00,cd,00,00,00,00,fa,4f,cd,20,00,31,6d,6f,72,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Leannes Sites]
"Order"=hex:08,00,00,00,02,00,00,00,a0,02,00,00,01,00,00,00,05,00,00,00,72,00,
00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,c8,3c,26,20,00,44,6f,67,73,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Links]
"Order"=hex:08,00,00,00,02,00,00,00,ea,14,00,00,01,00,00,00,2b,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,17,75,f4,20,00,41,4f,4c,20,45,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Microsoft Websites]
"Order"=hex:08,00,00,00,02,00,00,00,24,03,00,00,01,00,00,00,06,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,c3,c4,49,20,00,49,45,20,41,64,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \MSN Websites]
"Order"=hex:08,00,00,00,02,00,00,00,ae,02,00,00,01,00,00,00,06,00,00,00,5c,00,
00,00,04,00,00,00,4e,00,32,00,cd,00,00,00,00,15,aa,5c,20,00,4d,53,4e,2e,75,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Newspapers & Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,68,03,00,00,01,00,00,00,06,00,00,00,9e,00,
00,00,00,00,00,00,90,00,32,00,cd,00,00,00,00,6c,e6,b0,20,00,48,6f,6d,65,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Old Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,6a,04,00,00,01,00,00,00,07,00,00,00,e0,00,
00,00,00,00,00,00,d2,00,32,00,cd,00,00,00,00,be,46,93,20,00,32,30,74,68,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Old TV Program Sites]
"Order"=hex:08,00,00,00,02,00,00,00,ce,03,00,00,01,00,00,00,06,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,cd,00,00,00,00,47,43,0e,20,00,47,72,61,6e,67,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \PC Info & Computer Magazines]
"Order"=hex:08,00,00,00,02,00,00,00,34,19,00,00,01,00,00,00,2a,00,00,00,ba,00,
00,00,00,00,00,00,ac,00,32,00,cd,00,00,00,00,6a,6f,94,20,00,37,36,20,57,61,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Playstation 3 & DS Lite]
"Order"=hex:08,00,00,00,02,00,00,00,66,07,00,00,01,00,00,00,0b,00,00,00,a4,00,
00,00,05,00,00,00,96,00,32,00,cd,00,00,00,00,94,31,cf,20,00,43,48,45,41,54,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Ringtones Phone Stuff]
"Order"=hex:08,00,00,00,02,00,00,00,0e,0b,00,00,01,00,00,00,0e,00,00,00,38,01,
00,00,00,00,00,00,2a,01,32,00,cd,00,00,00,00,fe,ad,7c,20,00,43,65,6c,6c,20,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Security Software]
"Order"=hex:08,00,00,00,02,00,00,00,16,02,00,00,01,00,00,00,03,00,00,00,a2,00,
00,00,00,00,00,00,94,00,32,00,cd,00,00,00,00,d5,33,cd,20,00,42,69,74,44,65,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Sick Stuff & Funnies]
"Order"=hex:08,00,00,00,02,00,00,00,ac,0b,00,00,01,00,00,00,12,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,33,39,45,20,00,41,20,62,69,74,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Torrents,file sharing downloads Avater,CD DVD covers]
"Order"=hex:08,00,00,00,02,00,00,00,0c,14,00,00,01,00,00,00,21,00,00,00,74,00,
00,00,00,00,00,00,66,00,32,00,cd,00,00,00,00,07,00,ec,20,00,41,6c,6c,43,44,\

[HKEY_USERS\S-1-5-21-638123338-1822242044-3064731778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Windows Live]
"Order"=hex:08,00,00,00,02,00,00,00,32,02,00,00,01,00,00,00,04,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,b9,4a,bb,20,00,47,65,74,20,57,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}�06\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(1608)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
c:\combofix\CF11476.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-10-21 08:14
ComboFix2.txt 2009-10-20 14:40

Pre-Run: 305,348,988,928 bytes free
Post-Run: 301,904,158,720 bytes free

- - End Of File - - FCA304427216E4181707AF474C559C5F
Upload was successful





Here is the DDS:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Tally at 9:25:03.12 on 21/10/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.2365 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1043 *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\Symconsent.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tally\Desktop\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /ns
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bluetooth.lnk - c:\program files\belkin\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\newzcrawler\News.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_16.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\users\tally\appdata\roaming\mozilla\firefox\profiles\wlfalu9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\components\FFSource.dll
FF - component: c:\users\tally\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-31 206256]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-5-30 136744]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-5-20 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-6-26 141312]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd�0.fcl [2007-11-3 41456]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-26 108289]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2008-10-6 211456]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business xii.sp2c\RpcAgentSrv.exe [2008-10-19 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-12 1153368]
R2 SymAFR;SymAFR;c:\windows\system32\drivers\SymAFR.sys [2008-10-23 15408]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-19 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-1 604488]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-15 30152]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-4-17 120472]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 gupdate1c99d18f856ec13;Google Update Service (gupdate1c99d18f856ec13);c:\program files\google\update\GoogleUpdate.exe [2009-3-4 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-11 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-1-16 62464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-7-31 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-31 348752]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-21 08:27 <DIR> --d----- c:\windows\system32\Adobe
2009-10-20 15:30 236,544 a------- c:\windows\PEV.exe
2009-10-20 15:30 161,792 a------- c:\windows\SWREG.exe
2009-10-20 15:30 98,816 a------- c:\windows\sed.exe
2009-10-13 22:17 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 22:17 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 07:13 69 a------- c:\windows\NeroDigital.ini
2009-10-10 23:18 <DIR> --d----- c:\users\tally\.get_iplayer
2009-10-10 22:48 <DIR> --d----- c:\programdata\Sky
2009-10-10 22:48 <DIR> --d----- c:\program files\Sky
2009-10-10 22:48 <DIR> --d----- c:\progra~2\Sky
2009-10-10 22:14 <DIR> --d----- c:\program files\FLVCodec
2009-10-10 22:14 <DIR> --d----- c:\program files\WinPcap
2009-10-10 22:14 <DIR> --d----- c:\program files\RipTiger
2009-10-10 22:13 <DIR> --d----- c:\users\tally\appdata\roaming\GetRightToGo
2009-10-10 17:36 640,512 a------- c:\windows\system32\gfbaksm.dat
2009-10-10 17:35 640,512 a------- c:\windows\system32\gfkernel.dll
2009-10-10 17:34 <DIR> --d----- c:\program files\GetFLV
2009-10-07 11:05 232,712 a------- c:\windows\system32\PDBoot.exe
2009-09-30 22:11 <DIR> --d----- c:\program files\VirtualDJ
2009-09-30 14:10 <DIR> --d----- c:\program files\Tracker Software
2009-09-30 14:08 <DIR> --d----- c:\users\tally\appdata\roaming\Foxit
2009-09-30 14:07 <DIR> --d----- c:\program files\Foxit Software
2009-09-30 13:59 <DIR> --d--r-- c:\users\tally\CD & DVD Covers
2009-09-30 13:50 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 08:22 <DIR> --d----- c:\program files\iPod

==================== Find3M ====================

2009-10-19 22:15 6,530 a------- c:\users\tally\appdata\roaming\wklnhst.dat
2009-10-15 20:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-15 20:34 86,016 a------- c:\windows\inf\infpub.dat
2009-09-14 09:32 143,360 a------- c:\windows\inf\infstor.dat
2009-09-09 11:43 210,352 a------- c:\windows\system32\idmmbc.dll
2009-09-05 08:26 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-05 08:26 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-02 17:58 14,656 a------- c:\windows\gdrv.sys
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 01:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 01:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-01 14:50 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-08-01 14:50 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 09:10 25,158 a------- c:\users\tally\cc_20090727_091030.reg
2009-05-27 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 09:38 174 a--sh--- c:\program files\desktop.ini
2008-03-07 09:13 47,360 a------- c:\users\tally\appdata\roaming\pcouffin.sys
2008-02-19 00:36 87,608 a------- c:\users\tally\appdata\roaming\ezpinst.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib�00\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib�00\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib�00\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib�00\perfc.dat
2006-04-12 11:13 12,640 a------- c:\users\tally\Passwords.dat
2001-09-28 18:00 243,200 a------- c:\program files\UNWISE.EXE
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2008-02-21 20:51 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 09:15 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 09:15 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 11:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 14:43 27,648 a--sh--- c:\windows\system32\Smab0.dll

============= FINISH: 9:25:31.14 ===============



The Combofix did need to upload a file for ananysis (or words to the affect) but it did not mention what it was, I don't know if this is any help?

Hi,

Yes, the upload was successful. Thank you

Are there still issues left?

Shall I try now to reinstall Adaware?

I was just waiting to see if there was anything else I needed to do before I tried to re-install Adaware again.

What was the file that got uploaded? has it didn't say what it was, it just said uploading file for analysis.

Please try. Those uploaded files were the ones you couldn't find for virustotal scan.

Or yeah, these ones?

c:\windows\System32\bbdfeaaceaa_z.dll
c:\windows\System32\bddc_z.dll
c:\windows\System32\ebaaee_r.dll


I'll try to re-install Adaware shortly. Thanks a lot for the help its much appreciated

I've just tried re-installing Adaware now but I get to the same point and get the error code 2343.

Hi,

I'm afraid to say but don't know what could be causing the issue . You have bunch of security programs installed but not sure if any of those could prevent installation from succeeding. Visitor asked you to PM him or one of other mods to re-open your other topic. You could send the PM and tell that we couldn't find out the issue causer.

ComboFix can be uninstalled at this point:

• Click START then RUN
• Now copy-paste "c:\users\Tally\Desktop\Downloads\ComboFix.exe" /uninstall in the runbox and click OK

Thanks immensely for the help you have given, its much appreciated

You're welcome. Hopefully culprit can be narrowed down