WiredWX Christian Hobby Weather Tools

Antivir Solution Pro

Dear GeekPolice

Recently picked up a virus on my computer called Antivir Solution Pro. Now I am unable to log in; when I try, it crashes and goes to blue screen. Sometimes I get past the login but it crashes before anything loads.

Before this stage the virus was an icon in the system tray that pretended to be antivirus software, but I have McAfee. This all started about 5 days ago. Using a second computer atm, can you help?

Rob

Re: Antivir Solution Pro

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Antivir Solution Pro

Belahzur

I used F12 when powering up and 'Last known good configuration'. This came up with Fatal system error C000021a, Windows logon process terminated 0xC0000005.

I powered up again and booted from the Windows recovery disk. Again winlogon.exe error and loads of other errors. However, I managed to run OTL from the USB stick. As I am using another computer for comms to you. Notepad was not saving, so copied to Word. Transferred to this computer then back to Notepad.

Here is OTL.txt

OTL logfile created on: 07/08/2010 14:51:41 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.57 Gb Total Space | 3.08 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 37.16 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.96% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBS_PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 13:32:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/08/02 07:56:11 | 000,060,004 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Temp\install.exe
PRC - [2010/08/02 07:56:06 | 000,030,001 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Temp\j9o5vm23.exe
PRC - [2010/07/21 21:03:31 | 000,048,644 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Temp\smss.exe
PRC - [2010/07/07 18:10:26 | 000,048,644 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Temp\wininst.exe
PRC - [2010/06/24 21:22:08 | 000,020,724 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Temp\nvsvc32.exe
PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/13 01:07:54 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/11/01 12:47:00 | 000,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/09/15 21:04:58 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/08/22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/11/19 15:13:12 | 000,274,432 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe
PRC - [2007/06/28 20:47:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/30 20:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/02/20 00:59:20 | 000,914,992 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2007/02/20 00:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/24 02:06:38 | 000,487,424 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006/11/07 15:49:50 | 001,121,280 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
PRC - [2006/10/13 10:11:16 | 000,983,040 | R--- | M] (Obigo AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006/09/27 14:33:19 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/11 22:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/08/10 12:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/08/04 03:42:00 | 000,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/08/04 03:42:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/07/13 21:18:10 | 000,065,536 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_svc.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2005/07/01 20:43:00 | 000,299,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsftsn.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/26 15:15:16 | 000,884,838 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2004/11/10 00:22:17 | 000,497,240 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/11/10 00:22:16 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/03/19 14:17:00 | 000,078,960 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 13:32:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2007/04/30 20:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/03/08 16:36:28 | 000,152,064 | ---- | M] () -- C:\WINDOWS\ajovupoqoxevuqa.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/09/26 18:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll
MOD - [2005/08/17 10:38:00 | 000,143,360 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll
MOD - [2005/08/04 03:42:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2005/08/04 03:42:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2005/08/04 03:42:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005/08/04 03:42:00 | 000,036,352 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\gamehook.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/15 21:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/09/15 21:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/09/15 21:04:58 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/28 21:07:10 | 012,798,152 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\NetMeeting\comp.exe -- (RPCER) Remote Procedure Call (HNM)
SRV - [2007/02/20 00:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2005/11/24 17:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 16:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 16:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/13 21:18:10 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/11/10 00:22:16 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/07/09 00:06:28 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2009/10/28 22:24:36 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)
DRV - [2009/09/15 21:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/08 22:51:04 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/12/18 19:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/09/27 14:33:21 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/09/18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/08/15 09:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 13:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 22:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/09/26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/07/23 00:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/23 00:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/01/10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060927
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060927
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6502847E-AD16-4D91-867A-4009295CF7C6}:1.9.1
FF - prefs.js..extensions.enabledItems: {3D8B6F79-97D7-40A1-85BB-DD2902F64883}:1.9.1
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{6502847E-AD16-4D91-867A-4009295CF7C6}: C:\Documents and Settings\Rob\Local Settings\Application Data\{6502847E-AD16-4D91-867A-4009295CF7C6} [2010/02/12 19:14:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3D8B6F79-97D7-40A1-85BB-DD2902F64883}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3D8B6F79-97D7-40A1-85BB-DD2902F64883}\ [2010/02/15 09:23:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 20:39:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 20:39:42 | 000,000,000 | ---D | M]

[2009/04/09 00:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
[2009/04/09 00:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/02 21:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions
[2009/09/02 14:37:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 05:38:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/20 03:28:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/02 17:43:56 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/04/08 18:46:06 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/06/13 00:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\NPDyyno@dyyno.com
[2010/08/02 21:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/10 16:44:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/04/09 16:18:04 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2007/05/21 22:42:33 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\qvedt7.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\qvedt7.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [sylcysre] C:\Documents and Settings\Rob\Local Settings\Application Data\jqyuwnusn\xexcfqitssd.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Ysegonejiqa] C:\WINDOWS\ajovupoqoxevuqa.DLL ()
O4 - HKCU..\Run: [{FF40DE1A-23CC-2F08-F36F-60B8E5FCF148}] C:\Documents and Settings\Rob\Application Data\Heriih\toup.exe (Wocrq Zpxzwf Ca Yv)
O4 - HKCU..\Run: [ahai2kjndfdfkjhsioudghd] C:\Documents and Settings\Rob\Local Settings\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\Documents and Settings\Rob\Local Settings\Temp\smss.exe ()
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Rob\Local Settings\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Documents and Settings\Rob\Local Settings\Temp\j9o5vm23.exe ()
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Documents and Settings\Rob\Local Settings\Temp\install.exe ()
O4 - HKCU..\Run: [mcexecwin] C:\Documents and Settings\Rob\Local Settings\Temp\oggdw96sx.dll ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Remote System Protection] C:\WINDOWS\System32\qvedt7.DLL ()
O4 - HKCU..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Documents and Settings\Rob\Local Settings\Temp\wininst.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [sylcysre] C:\Documents and Settings\Rob\Local Settings\Application Data\jqyuwnusn\xexcfqitssd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.159.13.49 212.159.13.50
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - CLSID or File not found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O22 - SharedTaskScheduler: {2016a466-91a2-43c6-97d8-2fd380f065ef} - eitheror - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\qvedt7.dll ()
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\WINDOWS\system32\y0azio.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Stardock\Fences\SolidColorBackgrounds\2\Solid Color.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Stardock\Fences\SolidColorBackgrounds\2\Solid Color.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 13:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0aa145b1-c920-11dc-8874-00184d36134e}\Shell - "" = AutoRun
O33 - MountPoints2\{0aa145b1-c920-11dc-8874-00184d36134e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55d07e11-5e42-11dd-891a-00184d36134e}\Shell\AutoRun\command - "" = G:\AutoTransfer.exe -- File not found
O33 - MountPoints2\{66f8fbde-ff83-11dd-89fe-00184d36134e}\Shell - "" = AutoRun
O33 - MountPoints2\{66f8fbde-ff83-11dd-89fe-00184d36134e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{82f62235-180a-11df-8aca-00184d36134e}\Shell - "" = AutoRun
O33 - MountPoints2\{82f62235-180a-11df-8aca-00184d36134e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8642bc71-11d9-11df-8ac8-00184d36134e}\Shell - "" = AutoRun
O33 - MountPoints2\{8642bc71-11d9-11df-8ac8-00184d36134e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{903a3fbc-f2f2-11de-8ab4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{903a3fbc-f2f2-11de-8ab4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/04 03:05:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SeaPort
[2010/08/04 00:50:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\InstallShield Installation Information
[2010/08/03 22:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\My Webs
[2010/08/02 08:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\jqyuwnusn
[2010/07/27 14:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\Windows Server
[2010/07/23 19:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/14 17:04:30 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 14:38:07 | 022,020,096 | -H-- | M] () -- C:\Documents and Settings\Rob\NTUSER.DAT
[2010/08/07 14:36:56 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2010/08/07 14:36:40 | 000,118,336 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/08/07 14:35:26 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (ROBS_PC-Rob).job
[2010/08/07 14:35:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 14:35:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/07 14:33:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/07 14:33:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 14:33:05 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/03 22:52:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob\ntuser.ini
[2010/08/03 20:27:29 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/03 20:08:45 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\vba1.ini
[2010/08/03 19:13:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/03 10:12:33 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Rob\default.pls
[2010/08/03 10:09:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/03 02:04:08 | 000,043,576 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/03 01:58:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ahucihehafileyo.dat
[2010/08/02 07:56:04 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\lmvji.dll
[2010/07/31 20:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/31 04:31:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/07/25 14:45:41 | 000,003,584 | -H-- | M] () -- C:\Documents and Settings\Rob\Application Data\dvd.bmk
[2010/07/23 16:45:44 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\DivX Movies.lnk
[2010/07/23 16:45:25 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/20 18:41:31 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 11:35:47 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Paint.lnk
[2010/07/10 14:11:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mjebupiyepete.bin
[2010/07/09 00:06:28 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]





Re: Antivir Solution Pro

Part 2 of OTL.txt

========== Files Created - No Company Name ==========

[2010/08/03 22:56:13 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/02 07:56:04 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\lmvji.dll
[2010/07/23 16:45:25 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/16 11:33:20 | 000,930,685 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\198-199.png
[2010/07/16 11:33:20 | 000,534,085 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\200.png
[2010/07/16 11:33:19 | 001,186,907 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\196-197.png
[2010/07/16 11:33:19 | 000,939,516 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\194.jpg
[2010/07/16 11:33:19 | 000,868,853 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\195.jpg
[2010/07/16 11:33:19 | 000,747,116 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\193.png
[2010/07/16 11:33:19 | 000,710,927 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\192.png
[2010/07/16 11:33:19 | 000,370,227 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\191.png
[2010/07/16 11:33:18 | 001,043,094 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\182-183.png
[2010/07/16 11:33:18 | 000,808,099 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\176.png
[2010/07/16 11:33:18 | 000,757,767 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\174.png
[2010/07/16 11:33:18 | 000,710,081 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\190.png
[2010/07/16 11:33:18 | 000,625,017 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\175.png
[2010/07/16 11:33:18 | 000,615,933 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\154-155.png
[2010/07/16 11:33:18 | 000,592,741 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\185.png
[2010/07/16 11:33:18 | 000,586,876 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\178.png
[2010/07/16 11:33:18 | 000,585,828 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\181.png
[2010/07/16 11:33:18 | 000,546,605 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\166.png
[2010/07/16 11:33:18 | 000,532,899 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\177.png
[2010/07/16 11:33:18 | 000,515,850 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\186.png
[2010/07/16 11:33:18 | 000,514,471 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\167.png
[2010/07/16 11:33:18 | 000,448,668 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\184.png
[2010/07/16 11:33:18 | 000,438,348 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\179.png
[2010/07/16 11:33:18 | 000,431,318 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\180.png
[2010/07/16 11:33:18 | 000,405,704 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\172.png
[2010/07/16 11:33:18 | 000,392,133 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\152.png
[2010/07/16 11:33:18 | 000,363,793 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\188.png
[2010/07/16 11:33:18 | 000,357,589 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\170.png
[2010/07/16 11:33:18 | 000,354,586 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\187.png
[2010/07/16 11:33:18 | 000,351,200 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\173.png
[2010/07/16 11:33:18 | 000,343,369 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\171.png
[2010/07/16 11:33:18 | 000,334,572 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\143.png
[2010/07/16 11:33:18 | 000,316,494 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\146.png
[2010/07/16 11:33:18 | 000,314,804 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\189.png
[2010/07/16 11:33:18 | 000,313,154 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\156.png
[2010/07/16 11:33:18 | 000,305,148 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\151.png
[2010/07/16 11:33:18 | 000,296,866 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\157.png
[2010/07/16 11:33:18 | 000,291,842 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\150.png
[2010/07/16 11:33:18 | 000,280,945 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\153.png
[2010/07/16 11:33:18 | 000,256,777 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\164.png
[2010/07/16 11:33:18 | 000,246,776 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\147.png
[2010/07/16 11:33:18 | 000,246,359 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\148.png
[2010/07/16 11:33:18 | 000,232,068 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\165.png
[2010/07/16 11:33:18 | 000,227,084 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\163.png
[2010/07/16 11:33:18 | 000,221,840 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\161.png
[2010/07/16 11:33:18 | 000,221,203 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\149.png
[2010/07/16 11:33:18 | 000,220,177 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\144-145.png
[2010/07/16 11:33:18 | 000,208,885 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\158-159.png
[2010/07/16 11:33:18 | 000,202,810 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\162.png
[2010/07/16 11:33:18 | 000,198,425 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\160.png
[2010/07/16 11:33:18 | 000,189,403 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\168-169.png
[2010/07/16 11:33:17 | 000,633,389 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\132-133.png
[2010/07/16 11:33:17 | 000,475,501 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\137.png
[2010/07/16 11:33:17 | 000,470,793 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\140-141.png
[2010/07/16 11:33:17 | 000,424,994 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\131.png
[2010/07/16 11:33:17 | 000,413,526 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\142.png
[2010/07/16 11:33:17 | 000,393,360 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\139.png
[2010/07/16 11:33:17 | 000,360,199 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\130.png
[2010/07/16 11:33:17 | 000,334,341 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\136.png
[2010/07/16 11:33:17 | 000,290,268 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\138.png
[2010/07/16 11:33:17 | 000,288,913 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\135.png
[2010/07/16 11:33:17 | 000,288,413 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\134.png
[2010/07/16 11:33:16 | 000,966,875 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\122-123.png
[2010/07/16 11:33:16 | 000,908,743 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\128-129.png
[2010/07/16 11:33:16 | 000,480,847 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\120.png
[2010/07/16 11:33:16 | 000,371,031 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\117.png
[2010/07/16 11:33:16 | 000,351,094 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\121.png
[2010/07/16 11:33:16 | 000,342,435 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\118.png
[2010/07/16 11:33:16 | 000,333,907 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\124.png
[2010/07/16 11:33:16 | 000,331,864 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\126.png
[2010/07/16 11:33:16 | 000,304,652 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\119.png
[2010/07/16 11:33:16 | 000,294,344 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\125.png
[2010/07/16 11:33:16 | 000,292,595 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\127.png
[2010/07/16 11:33:15 | 000,992,849 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\087.png
[2010/07/16 11:33:15 | 000,983,399 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\084.png
[2010/07/16 11:33:15 | 000,854,988 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\080-081.png
[2010/07/16 11:33:15 | 000,851,889 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\086.png
[2010/07/16 11:33:15 | 000,794,127 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\096.png
[2010/07/16 11:33:15 | 000,789,751 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\089.jpg
[2010/07/16 11:33:15 | 000,744,312 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\091.jpg
[2010/07/16 11:33:15 | 000,690,328 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\088.jpg
[2010/07/16 11:33:15 | 000,677,721 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\100.png
[2010/07/16 11:33:15 | 000,672,828 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\090.jpg
[2010/07/16 11:33:15 | 000,647,238 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\111.png
[2010/07/16 11:33:15 | 000,631,397 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\085.jpg
[2010/07/16 11:33:15 | 000,611,079 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\083.png
[2010/07/16 11:33:15 | 000,609,984 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\101.png
[2010/07/16 11:33:15 | 000,556,558 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\112.png
[2010/07/16 11:33:15 | 000,553,968 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\099.png
[2010/07/16 11:33:15 | 000,470,497 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\115.png
[2010/07/16 11:33:15 | 000,468,753 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\093.png
[2010/07/16 11:33:15 | 000,439,965 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\097.png
[2010/07/16 11:33:15 | 000,434,344 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\105.png
[2010/07/16 11:33:15 | 000,430,764 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\116.png
[2010/07/16 11:33:15 | 000,411,595 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\106.png
[2010/07/16 11:33:15 | 000,404,655 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\113.png
[2010/07/16 11:33:15 | 000,400,174 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\104.png
[2010/07/16 11:33:15 | 000,377,022 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\098.png
[2010/07/16 11:33:15 | 000,355,124 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\094.png
[2010/07/16 11:33:15 | 000,351,534 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\114.png
[2010/07/16 11:33:15 | 000,351,426 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\103.png
[2010/07/16 11:33:15 | 000,350,589 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\082.png
[2010/07/16 11:33:15 | 000,343,006 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\102.png
[2010/07/16 11:33:15 | 000,338,182 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\092.png
[2010/07/16 11:33:15 | 000,333,788 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\095.png
[2010/07/16 11:33:15 | 000,327,473 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\108.png
[2010/07/16 11:33:15 | 000,320,494 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\110.png
[2010/07/16 11:33:15 | 000,308,087 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\109.png
[2010/07/16 11:33:15 | 000,307,737 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\107.png
[2010/07/16 11:33:14 | 000,596,373 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\077.png
[2010/07/16 11:33:14 | 000,444,127 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\078.png
[2010/07/16 11:33:14 | 000,379,070 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\079.png
[2010/07/16 11:33:14 | 000,307,788 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\076.png
[2010/07/16 11:33:13 | 000,883,141 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\063.png
[2010/07/16 11:33:13 | 000,754,137 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\051.png
[2010/07/16 11:33:13 | 000,579,063 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\054.png
[2010/07/16 11:33:13 | 000,475,288 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\066.png
[2010/07/16 11:33:13 | 000,473,420 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\071.png
[2010/07/16 11:33:13 | 000,467,338 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\065.png
[2010/07/16 11:33:13 | 000,448,021 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\064.png
[2010/07/16 11:33:13 | 000,443,844 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\068.png
[2010/07/16 11:33:13 | 000,442,668 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\073.png
[2010/07/16 11:33:13 | 000,434,358 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\050.png
[2010/07/16 11:33:13 | 000,431,422 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\070.png
[2010/07/16 11:33:13 | 000,429,083 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\072.png
[2010/07/16 11:33:13 | 000,418,356 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\067.png
[2010/07/16 11:33:13 | 000,409,581 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\057.png
[2010/07/16 11:33:13 | 000,405,489 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\069.png
[2010/07/16 11:33:13 | 000,401,424 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\055.png
[2010/07/16 11:33:13 | 000,386,355 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\046.png
[2010/07/16 11:33:13 | 000,381,052 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\062.png
[2010/07/16 11:33:13 | 000,363,519 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\052.png
[2010/07/16 11:33:13 | 000,358,111 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\058.png
[2010/07/16 11:33:13 | 000,357,878 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\056.png
[2010/07/16 11:33:13 | 000,352,962 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\075.png
[2010/07/16 11:33:13 | 000,345,905 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\044.png
[2010/07/16 11:33:13 | 000,344,357 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\045.png
[2010/07/16 11:33:13 | 000,335,542 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\059.png
[2010/07/16 11:33:13 | 000,309,254 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\061.png
[2010/07/16 11:33:13 | 000,305,038 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\060.png
[2010/07/16 11:33:13 | 000,288,438 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\053.png
[2010/07/16 11:33:13 | 000,283,600 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\047.png
[2010/07/16 11:33:13 | 000,239,860 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\074.png
[2010/07/16 11:33:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\048.png
[2010/07/16 11:33:13 | 000,117,464 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\049.png
[2010/07/16 11:33:12 | 001,576,233 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\028-029.png
[2010/07/16 11:33:12 | 001,188,697 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\026-027.png
[2010/07/16 11:33:12 | 000,794,815 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\037.png
[2010/07/16 11:33:12 | 000,707,011 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\043.png
[2010/07/16 11:33:12 | 000,675,483 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\030.jpg
[2010/07/16 11:33:12 | 000,641,592 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\022-023.png
[2010/07/16 11:33:12 | 000,615,689 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\035.png
[2010/07/16 11:33:12 | 000,606,236 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\033.png
[2010/07/16 11:33:12 | 000,572,400 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\034.png
[2010/07/16 11:33:12 | 000,494,134 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\021.png
[2010/07/16 11:33:12 | 000,485,020 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\031.png
[2010/07/16 11:33:12 | 000,465,484 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\015.png
[2010/07/16 11:33:12 | 000,465,288 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\042.png
[2010/07/16 11:33:12 | 000,457,934 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\032.png
[2010/07/16 11:33:12 | 000,443,906 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\025.png
[2010/07/16 11:33:12 | 000,438,598 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\038.png
[2010/07/16 11:33:12 | 000,391,042 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\017.png
[2010/07/16 11:33:12 | 000,361,861 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\024.png
[2010/07/16 11:33:12 | 000,351,704 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\019.png
[2010/07/16 11:33:12 | 000,346,443 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\014.png
[2010/07/16 11:33:12 | 000,345,154 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\020.png
[2010/07/16 11:33:12 | 000,344,842 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\040.png
[2010/07/16 11:33:12 | 000,338,524 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\041.png
[2010/07/16 11:33:12 | 000,327,514 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\039.png
[2010/07/16 11:33:12 | 000,318,591 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\018.png
[2010/07/16 11:33:12 | 000,310,830 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\013.png
[2010/07/16 11:33:12 | 000,296,935 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\016.png
[2010/07/16 11:33:12 | 000,285,240 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\011.png
[2010/07/16 11:33:12 | 000,274,979 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\012.png
[2010/07/16 11:33:12 | 000,267,573 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\036.png
[2010/07/16 11:33:12 | 000,250,352 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\010.png
[2010/07/16 11:33:12 | 000,249,757 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\008.png
[2010/07/16 11:33:12 | 000,229,751 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\004-005.png
[2010/07/16 11:33:12 | 000,226,174 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\009.png
[2010/07/16 11:33:12 | 000,212,241 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\006.png
[2010/07/16 11:33:12 | 000,211,352 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\007.png
[2010/07/16 11:33:11 | 000,800,200 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\000a-001.png
[2010/07/16 11:33:11 | 000,709,567 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\000.jpg
[2010/07/16 11:33:11 | 000,530,402 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\002-003.png
[2010/07/09 00:06:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/05/19 14:26:31 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\bri5b913.dll
[2010/05/19 12:09:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\smqdzle.dll
[2010/05/19 01:23:43 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\q7032w.dll
[2010/05/19 00:34:44 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\rk67xrw.dll
[2010/05/18 22:14:14 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ho4ndjbsu.dll
[2010/05/18 15:09:37 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\t6ymgwvuzk.dll
[2010/05/18 12:47:28 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\kwok5s.dll
[2010/05/18 06:09:53 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\y0azio.dll
[2010/05/18 03:49:10 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\rrh7v.dll
[2010/05/18 01:28:13 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\mcuuxpbs.dll
[2010/05/17 23:07:35 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\xlt89.dll
[2010/05/17 20:46:56 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\x8bwdetn3x.dll
[2010/05/17 18:26:26 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\va7jms3j75.dll
[2010/05/17 16:05:30 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\d5ytv35.dll
[2010/05/17 11:24:31 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\niqscu.dll
[2010/05/17 09:04:06 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\tc5d5.dll
[2010/05/17 06:44:25 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\asmcu4fbq.dll
[2010/04/03 06:20:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/03/20 22:41:57 | 000,001,156 | ---- | C] () -- C:\WINDOWS\SSPRO.INI
[2010/02/14 03:25:35 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\qvedt7.dll
[2010/02/08 15:00:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/10/28 22:25:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2009/03/22 11:48:15 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/07 01:33:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/11 01:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/15 02:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/09/28 20:44:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/24 22:34:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/07/25 14:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/16 01:19:36 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/29 21:11:51 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0CE0BC7103.sys
[2006/12/19 20:13:00 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0371BCE00C.sys
[2006/10/05 18:30:05 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2006/10/01 14:44:07 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 15:50:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/30 15:50:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/29 19:42:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/27 14:43:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/27 14:36:37 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/27 14:31:21 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/27 14:09:34 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/26 15:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/18 14:00:00 | 000,032,256 | -H-- | C] () -- C:\WINDOWS\System32\msls51.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:27 | 000,152,064 | ---- | C] () -- C:\WINDOWS\ajovupoqoxevuqa.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/08/01 16:35:04 | 000,002,831 | ---- | C] () -- C:\WINDOWS\wavemix.ini
[1999/03/22 02:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AD27A66
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E758E1CB
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
< End of report >

Extras.txt

OTL Extras logfile created on: 07/08/2010 14:51:41 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.57 Gb Total Space | 3.08 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 37.16 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.96% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBS_PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- File not found
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Disabled:Home Networking Application -- (SingleClick Systems)
"C:\World of Warcraft\Repair.exe" = C:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"C:\Program Files\Steam\steamapps\rob399\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\rob399\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Wyzo\wyzo.exe" = C:\Program Files\Wyzo\wyzo.exe:*:Enabled:Wyzo -- File not found
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\Tortun\gui.exe" = C:\Program Files\Tortun\gui.exe:*:Enabled:gui -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Rob\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Rob\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno P2P Receiver -- ()
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe" = C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe Demo -- ()
"C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe" = C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Rob\My Documents\utorrent.exe" = C:\Documents and Settings\Rob\My Documents\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12760E10-1413-4B35-91F4-7F5EB692B6E9}" = Autograph 3.20 (30-day)
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 14
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.76
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"4oD" = 4oD
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age Of Empires 2 & The Conquerors Expansion - Full Game" = Age Of Empires 2 & The Conquerors Expansion - Full Game
"America Online uk" = AOL UK (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"ATI Display Driver" = ATI Display Driver
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bejeweled 2" = Bejeweled 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Comanche 4" = Comanche 4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DyynoPlayer" = DyynoPlayer 0.8.6f
"Fences" = Fences
"HotspotShield" = Hotspot Shield 1.30
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"LimeWire" = LimeWire 5.1.2
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectDock" = ObjectDock
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Peggle" = Peggle (remove only)
"PopCap Browser Plugin" = PopCap Browser Plugin
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter (remove only)
"RealPlayer 6.0" = RealPlayer Basic
"Recover My Files_is1" = Recover My Files
"SearchAssist" = SearchAssist
"SinkSub Pro" = SinkSub Pro
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3482" = Peggle Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"Wanadoo" = Wanadoo UK
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/08/2010 09:35:58 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:37:05 | Computer Name = ROBS_PC | Source = Application Error | ID = 1000
Description = Faulting application stsystra.exe, version 1.0.5143.0, faulting module
unknown, version 0.0.0.0, fault address 0x71aa1958.

Error - 07/08/2010 09:38:16 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:39:46 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:39:52 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:04 | Computer Name = ROBS_PC | Source = Application Error | ID = 1000
Description = Faulting application epmworker.exe, version 1.2.0.1219, faulting module
epmworker.exe, version 1.2.0.1219, fault address 0x0000332a.

Error - 07/08/2010 09:40:32 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:35 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:37 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:39 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
msgina.dll, version 5.1.2600.2180, fault address 0x00008e1b.

[ Application Events ]
Error - 07/08/2010 09:35:58 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:37:05 | Computer Name = ROBS_PC | Source = Application Error | ID = 1000
Description = Faulting application stsystra.exe, version 1.0.5143.0, faulting module
unknown, version 0.0.0.0, fault address 0x71aa1958.

Error - 07/08/2010 09:38:16 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:39:46 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:39:52 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:04 | Computer Name = ROBS_PC | Source = Application Error | ID = 1000
Description = Faulting application epmworker.exe, version 1.2.0.1219, faulting module
epmworker.exe, version 1.2.0.1219, fault address 0x0000332a.

Error - 07/08/2010 09:40:32 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:35 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:37 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00572571.

Error - 07/08/2010 09:40:39 | Computer Name = ROBS_PC | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
msgina.dll, version 5.1.2600.2180, fault address 0x00008e1b.

[ System Events ]
Error - 07/08/2010 09:33:54 | Computer Name = ROBS_PC | Source = Service Control Manager | ID = 7034
Description = The Remote Procedure Call (HNM) service terminated unexpectedly.
It has done this 1 time(s).

Error - 07/08/2010 09:38:19 | Computer Name = ROBS_PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 07/08/2010 09:38:20 | Computer Name = ROBS_PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 07/08/2010 09:38:20 | Computer Name = ROBS_PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 07/08/2010 09:38:35 | Computer Name = ROBS_PC | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 ffffffd4, parameter2 00000000, parameter3
a7bf3582, parameter4 00000000.

Error - 07/08/2010 09:39:49 | Computer Name = ROBS_PC | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 ffffffd4, parameter2 00000000, parameter3
a81ff582, parameter4 00000000.

Error - 07/08/2010 09:39:51 | Computer Name = ROBS_PC | Source = System Error | ID = 1003
Description = Error code 00000027, parameter1 baad00a3, parameter2 f7089acc, parameter3
f70897c8, parameter4 a8227582.

Error - 07/08/2010 09:40:20 | Computer Name = ROBS_PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 07/08/2010 09:40:20 | Computer Name = ROBS_PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 07/08/2010 09:40:20 | Computer Name = ROBS_PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053


< End of report >


Re: Antivir Solution Pro
Hello.
Nasty infection you got here.


  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Antivir Solution Pro
Belahzur
I had to boot from the recovery disk again and the Windows XP recovery seems to work better this time, but some files missing. Anyway here is Combo-Fix log

ComboFix 10-08-07.02 - Rob 08/08/2010 16:54:00.2.1 - x86
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-08 14:12 . 2010-08-08 14:12 -------- d-----w- c:\windows\dell
2010-08-08 13:38 . 2004-08-04 10:00 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-08-08 13:37 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-08-08 13:34 . 2004-08-04 10:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-08-08 13:25 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-04 02:05 . 2010-08-04 02:05 -------- d-----w- c:\windows\system32\SeaPort
2010-08-03 23:50 . 2010-08-03 23:50 -------- d-----w- c:\windows\system32\InstallShield Installation Information
2010-08-02 04:38 . 2010-07-23 16:22 1496064 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 04:38 . 2010-07-23 16:22 43008 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 04:38 . 2010-07-23 16:22 338944 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 04:38 . 2010-07-23 16:22 346112 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-23 18:52 . 2010-08-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-23 18:52 . 2010-07-23 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-23 15:45 . 2010-07-23 15:45 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-23 15:44 . 2010-07-23 15:44 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-23 15:27 . 2010-07-23 15:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 15:51 . 2008-12-30 04:36 -------- d--h--w- c:\documents and settings\Rob\Application Data\DNA
2010-08-08 15:42 . 2007-09-06 20:32 -------- d-----w- c:\program files\Steam
2010-08-08 15:42 . 2007-02-13 10:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-08 15:41 . 2008-12-30 04:36 -------- d-----w- c:\program files\DNA
2010-08-08 14:58 . 2006-09-29 18:32 43576 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 19:02 . 2010-04-07 22:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Xoik
2010-08-03 00:58 . 2010-02-12 18:14 0 ----a-w- c:\windows\Ahucihehafileyo.dat
2010-08-01 16:39 . 2006-09-27 13:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 18:52 . 2006-09-27 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-23 16:18 . 2010-06-24 11:02 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-23 16:18 . 2010-06-24 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 15:45 . 2007-05-10 15:41 -------- d-----w- c:\program files\DivX
2010-07-23 15:27 . 2010-06-24 02:24 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-23 15:27 . 2010-06-24 02:24 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 02:35 . 2008-05-29 01:52 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2010-07-10 13:11 . 2010-02-12 18:14 0 ----a-w- c:\windows\Mjebupiyepete.bin
2010-07-08 23:06 . 2010-07-08 23:06 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-07-04 20:08 . 2006-09-27 13:37 -------- d-----w- c:\program files\Google
2010-06-28 04:52 . 2010-06-28 04:52 -------- d-----w- c:\program files\directx
2010-06-26 18:00 . 2009-06-11 15:36 64 ----a-w- c:\windows\popcinfot.dat
2010-06-24 02:24 . 2010-06-24 02:24 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-24 02:24 . 2010-06-24 02:24 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-24 02:24 . 2007-11-10 20:51 -------- d--h--w- c:\documents and settings\Rob\Application Data\DivX
2010-06-24 02:23 . 2010-06-24 02:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-24 02:22 . 2010-06-24 02:22 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-21 17:21 . 2010-03-20 21:41 -------- d-----w- c:\program files\SSPRO
2010-06-21 17:21 . 2002-08-01 15:35 35328 ----a-w- c:\windows\system32\wavmix32.dll
2007-01-01 14:25 . 2007-01-01 14:25 283960 -c--a-w- c:\program files\dxwebsetup.exe
2006-12-19 19:17 . 2006-12-19 19:17 0 ----a-w- c:\program files\pspbrwse.jbf
2009-04-18 21:22 . 2006-12-19 19:13 56 --sh--r- c:\windows\system32\0371BCE00C.sys
2009-03-04 13:10 . 2006-12-29 20:11 88 --sh--r- c:\windows\system32\0CE0BC7103.sys
2009-04-18 21:22 . 2006-10-01 13:44 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-27 26112]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-27 7168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 528384]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-4-12 884838]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rob399\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rob\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Rob\\My Documents\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-08 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [2007-03-28 12798152]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-08 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ROBS_PC-Rob).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-09-27 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {3D8B6F79-97D7-40A1-85BB-DD2902F64883} - c:\documents and settings\Administrator\Local Settings\Application Data\{3D8B6F79-97D7-40A1-85BB-DD2902F64883}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 16:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,3c,da,7b,39,6f,7f,b3,a4,e5,e1,c0,14,5f,93,01,18,dc,11,1c,85,19,a3,
ce,b2,85,42,49,fe,49,98,de,dd,51,fd,4c,11,2d,71,a6,f4,5e,f2,bf,ee,dd,ae,67,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\License information*]
"datasecu"=hex:e1,4d,2d,b6,16,e7,39,57,ab,55,5e,d8,87,ef,02,3e,9d,af,39,29,ab,
0d,62,cf,b5,b7,e4,f8,ee,43,8b,62,17,d2,54,64,dc,72,22,1b,6f,cd,0d,a6,72,62,\
"rkeysecu"=hex:5b,b1,f1,96,e6,e7,05,7e,0c,23,86,99,20,fc,03,4c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(568)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-08 17:01:32
ComboFix-quarantined-files.txt 2010-08-08 16:01
ComboFix2.txt 2010-08-08 15:47

Pre-Run: 5,819,150,336 bytes free
Post-Run: 5,804,244,992 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 0638627259793FA7AF2B85EF2FAA47F7

Re: Antivir Solution Pro
Hello.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    File::
    c:\windows\Ahucihehafileyo.dat
    c:\windows\Mjebupiyepete.bin

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5643

    Firefox::
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=


    Domains::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

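Added example, not part of the thread and not code from ComboFix or any other tool mentioned here: the CFScript above targets a loopback proxy setting and two empty files in c:\windows that appear in the posted ComboFix log. This Python sketch flags those kinds of entries, plus the Security Center, firewall and Trusted Zone lines from the same log, as items for an analyst to review. The heuristics, names and labels are assumptions, and the sample lines are copied from the log.

```python
import re

# Constructed sample: individual lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2010-08-03 00:58 . 2010-02-12 18:14 0 ----a-w- c:\windows\Ahucihehafileyo.dat
2010-07-10 13:11 . 2010-02-12 18:14 0 ----a-w- c:\windows\Mjebupiyepete.bin
2010-06-26 18:00 . 2009-06-11 15:36 64 ----a-w- c:\windows\popcinfot.dat
2010-07-08 23:06 . 2010-07-08 23:06 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uStart Page = hxxp://www.google.com/
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-is2010.com
"""

# "modified . created size attributes path" rows of the file listings.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# A file sitting directly in c:\windows (no further subdirectory).
WINDOWS_ROOT = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)
PROXY = re.compile(
    r"^uInternet Settings,ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)"
)
OVERRIDE = re.compile(
    r'^"(?P<name>AntiVirusOverride|FirewallOverride)"=dword:(?P<val>[0-9a-fA-F]{8})$'
)
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)\b')
TRUSTED = re.compile(r"^Trusted Zone: (?P<domain>\S+)$")


def triage(log_text):
    """Return (kind, detail) tuples for log lines that merit manual review.

    These are review hints under the assumptions above, not verdicts.
    """
    findings = []
    seen_zones = set()
    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_LINE.match(line)
        if m:
            # Zero-byte files dropped directly into the Windows directory.
            if m.group("size") == "0" and WINDOWS_ROOT.match(m.group("path")):
                findings.append(("empty-file-in-windows-root", m.group("path")))
            continue

        m = PROXY.match(line)
        if m:
            # Browser traffic routed through a listener on the machine itself.
            if m.group("host") in ("127.0.0.1", "localhost"):
                findings.append(
                    ("loopback-proxy", f"{m.group('host')}:{m.group('port')}")
                )
            continue

        m = OVERRIDE.match(line)
        if m:
            # Security Center told to stop reporting AV or firewall state.
            if int(m.group("val"), 16) != 0:
                findings.append(("security-center-override", m.group("name")))
            continue

        m = FIREWALL.match(line)
        if m:
            if int(m.group("val")) == 0:
                findings.append(("firewall-disabled", "EnableFirewall=0"))
            continue

        m = TRUSTED.match(line)
        if m:
            # ComboFix lists Trusted Zone sites; report each domain once.
            domain = m.group("domain").lower()
            if domain not in seen_zones:
                seen_zones.add(domain)
                findings.append(("trusted-zone-entry", domain))
    return findings


def group_by_kind(findings):
    """Group findings into {kind: [details]} for a short report."""
    grouped = {}
    for kind, detail in findings:
        grouped.setdefault(kind, []).append(detail)
    return grouped


if __name__ == "__main__":
    for kind, details in group_by_kind(triage(SAMPLE_LOG)).items():
        print(f"{kind}: {', '.join(details)}")
```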

Re: Antivir Solution Pro
Belahzur

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:42 on 09/08/2010 (Rob)
Firefox version 3.6.8 (en-US)

========== Script ==========

Deleting "KILLALL::
" -> Failed [1026]
Deleting "
" -> Failed [1026]
Deleting "File::
" -> Failed [1026]
Deleting "c:\windows\Ahucihehafileyo.dat
" -> Failed [1026]
Deleting "c:\windows\Mjebupiyepete.bin
" -> Failed [1026]
Deleting "
" -> Failed [1026]
Deleting "DDS::
" -> Failed [1026]
Deleting "uInternet Settings,ProxyOverride =
" -> Failed [1026]
Deleting "uInternet Settings,ProxyServer = http=127.0.0.1:5643
" -> Failed [1026]
Deleting "
" -> Failed [1026]
Deleting "Firefox::
" -> Failed [1026]
Deleting "FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\
" -> Failed [1026]
Deleting "FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
" -> Failed [1026]
Deleting "
" -> Failed [1026]
Deleting "
" -> Failed [1026]
Deleting "Domains::
" -> Failed [1026]

========== GooredScan ==========



ComboFix log output

ComboFix 10-08-07.02 - Rob 09/08/2010 21:47:10.3.1 - x86
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
"c:\windows\Ahucihehafileyo.dat"
"c:\windows\Mjebupiyepete.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ahucihehafileyo.dat
c:\windows\Mjebupiyepete.bin

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-08 15:52 . 2010-08-08 16:01 -------- d-----w- C:\Combo-Fix
2010-08-08 14:12 . 2010-08-08 14:12 -------- d-----w- c:\windows\dell
2010-08-08 13:38 . 2004-08-04 10:00 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-08-08 13:37 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-08-08 13:34 . 2004-08-04 10:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-08-08 13:25 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-04 02:05 . 2010-08-04 02:05 -------- d-----w- c:\windows\system32\SeaPort
2010-08-03 23:50 . 2010-08-03 23:50 -------- d-----w- c:\windows\system32\InstallShield Installation Information
2010-08-02 04:38 . 2010-07-23 16:22 1496064 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 04:38 . 2010-07-23 16:22 43008 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 04:38 . 2010-07-23 16:22 338944 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 04:38 . 2010-07-23 16:22 346112 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-23 18:52 . 2010-08-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-23 18:52 . 2010-07-23 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-23 15:45 . 2010-07-23 15:45 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-23 15:44 . 2010-07-23 15:44 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-23 15:27 . 2010-07-23 15:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 20:58 . 2007-09-06 20:32 -------- d-----w- c:\program files\Steam
2010-08-09 20:58 . 2007-02-13 10:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-09 20:57 . 2008-12-30 04:36 -------- d--h--w- c:\documents and settings\Rob\Application Data\DNA
2010-08-09 20:57 . 2008-12-30 04:36 -------- d-----w- c:\program files\DNA
2010-08-08 14:58 . 2006-09-29 18:32 43576 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 19:02 . 2010-04-07 22:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Xoik
2010-08-01 16:39 . 2006-09-27 13:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 18:52 . 2006-09-27 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-23 16:18 . 2010-06-24 11:02 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-23 16:18 . 2010-06-24 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 15:45 . 2007-05-10 15:41 -------- d-----w- c:\program files\DivX
2010-07-23 15:27 . 2010-06-24 02:24 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-23 15:27 . 2010-06-24 02:24 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 02:35 . 2008-05-29 01:52 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2010-07-08 23:06 . 2010-07-08 23:06 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-07-04 20:08 . 2006-09-27 13:37 -------- d-----w- c:\program files\Google
2010-06-28 04:52 . 2010-06-28 04:52 -------- d-----w- c:\program files\directx
2010-06-26 18:00 . 2009-06-11 15:36 64 ----a-w- c:\windows\popcinfot.dat
2010-06-24 02:24 . 2010-06-24 02:24 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-24 02:24 . 2010-06-24 02:24 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-24 02:24 . 2007-11-10 20:51 -------- d--h--w- c:\documents and settings\Rob\Application Data\DivX
2010-06-24 02:23 . 2010-06-24 02:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-24 02:22 . 2010-06-24 02:22 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-21 17:21 . 2010-03-20 21:41 -------- d-----w- c:\program files\SSPRO
2010-06-21 17:21 . 2002-08-01 15:35 35328 ----a-w- c:\windows\system32\wavmix32.dll
2007-01-01 14:25 . 2007-01-01 14:25 283960 -c--a-w- c:\program files\dxwebsetup.exe
2006-12-19 19:17 . 2006-12-19 19:17 0 ----a-w- c:\program files\pspbrwse.jbf
2009-04-18 21:22 . 2006-12-19 19:13 56 --sh--r- c:\windows\system32\0371BCE00C.sys
2009-03-04 13:10 . 2006-12-29 20:11 88 --sh--r- c:\windows\system32\0CE0BC7103.sys
2009-04-18 21:22 . 2006-10-01 13:44 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-27 26112]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-27 7168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 528384]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-4-12 884838]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rob399\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rob\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Rob\\My Documents\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-08 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [2007-03-28 12798152]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-09 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ROBS_PC-Rob).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-09-27 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 21:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,3c,da,7b,39,6f,7f,b3,a4,e5,e1,c0,14,5f,93,01,18,dc,11,1c,85,19,a3,
ce,b2,85,42,49,fe,49,98,de,dd,51,fd,4c,11,2d,71,a6,f4,5e,f2,bf,ee,dd,ae,67,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\License information*]
"datasecu"=hex:e1,4d,2d,b6,16,e7,39,57,ab,55,5e,d8,87,ef,02,3e,9d,af,39,29,ab,
0d,62,cf,b5,b7,e4,f8,ee,43,8b,62,17,d2,54,64,dc,72,22,1b,6f,cd,0d,a6,72,62,\
"rkeysecu"=hex:5b,b1,f1,96,e6,e7,05,7e,0c,23,86,99,20,fc,03,4c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1560)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\VentSrv\ventrilo_svc.exe
c:\program files\VentSrv\ventrilo_srv.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\windows\stsystra.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2010-08-09 22:02:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 21:02
ComboFix2.txt 2010-08-08 16:01
ComboFix3.txt 2010-08-08 15:47

Pre-Run: 5,810,876,416 bytes free
Post-Run: 5,799,833,600 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AD54F0FEF08414205785049980D2B222

Re: Antivir Solution Pro

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator


Re: Antivir Solution Pro

Belahzur

Combofix / uninstall did a re-scan, see log below.
When I tried to run ESET online scan using IE, I got the following message: 'The requested lookup key was not found in any active activation context'. So I ran ESET online scan on another PC and took the .exe to my PC. Then it ran OK, downloaded stuff etc. Log output below.

ComboFix 10-08-07.02 - Rob 13/08/2010 14:27:49.4.1 - x86
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
Command switches used :: / uninstall
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-08 15:52 . 2010-08-08 16:01 -------- d-----w- C:\Combo-Fix
2010-08-08 14:12 . 2010-08-08 14:12 -------- d-----w- c:\windows\dell
2010-08-08 13:38 . 2004-08-04 10:00 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-08-08 13:37 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-08-08 13:34 . 2004-08-04 10:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-08-08 13:25 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-08 13:25 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-04 02:05 . 2010-08-04 02:05 -------- d-----w- c:\windows\system32\SeaPort
2010-08-03 23:50 . 2010-08-03 23:50 -------- d-----w- c:\windows\system32\InstallShield Installation Information
2010-08-02 04:38 . 2010-07-23 16:22 1496064 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 04:38 . 2010-07-23 16:22 43008 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 04:38 . 2010-07-23 16:22 338944 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 04:38 . 2010-07-23 16:22 346112 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-23 18:52 . 2010-08-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-23 18:52 . 2010-07-23 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-23 15:45 . 2010-07-23 15:45 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-23 15:45 . 2010-07-23 15:45 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-23 15:44 . 2010-07-23 15:44 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-23 15:27 . 2010-07-23 15:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 13:25 . 2007-09-06 20:32 -------- d-----w- c:\program files\Steam
2010-08-13 13:25 . 2007-02-13 10:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-13 13:24 . 2008-12-30 04:36 -------- d--h--w- c:\documents and settings\Rob\Application Data\DNA
2010-08-13 13:24 . 2008-12-30 04:36 -------- d-----w- c:\program files\DNA
2010-08-08 14:58 . 2006-09-29 18:32 43576 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 19:02 . 2010-04-07 22:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Xoik
2010-08-01 16:39 . 2006-09-27 13:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 18:52 . 2006-09-27 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-23 16:18 . 2010-06-24 11:02 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-23 16:18 . 2010-06-24 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-23 15:45 . 2007-05-10 15:41 -------- d-----w- c:\program files\DivX
2010-07-23 15:27 . 2010-06-24 02:24 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-23 15:27 . 2010-06-24 02:24 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 02:35 . 2008-05-29 01:52 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2010-07-08 23:06 . 2010-07-08 23:06 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-07-04 20:08 . 2006-09-27 13:37 -------- d-----w- c:\program files\Google
2010-06-28 04:52 . 2010-06-28 04:52 -------- d-----w- c:\program files\directx
2010-06-26 18:00 . 2009-06-11 15:36 64 ----a-w- c:\windows\popcinfot.dat
2010-06-24 02:24 . 2010-06-24 02:24 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-24 02:24 . 2010-06-24 02:24 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-24 02:24 . 2007-11-10 20:51 -------- d--h--w- c:\documents and settings\Rob\Application Data\DivX
2010-06-24 02:23 . 2010-06-24 02:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-24 02:23 . 2010-06-24 02:23 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-24 02:22 . 2010-06-24 02:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-24 02:22 . 2010-06-24 02:22 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-21 17:21 . 2010-03-20 21:41 -------- d-----w- c:\program files\SSPRO
2010-06-21 17:21 . 2002-08-01 15:35 35328 ----a-w- c:\windows\system32\wavmix32.dll
2007-01-01 14:25 . 2007-01-01 14:25 283960 -c--a-w- c:\program files\dxwebsetup.exe
2006-12-19 19:17 . 2006-12-19 19:17 0 ----a-w- c:\program files\pspbrwse.jbf
2009-04-18 21:22 . 2006-12-19 19:13 56 --sh--r- c:\windows\system32\0371BCE00C.sys
2009-03-04 13:10 . 2006-12-29 20:11 88 --sh--r- c:\windows\system32\0CE0BC7103.sys
2009-04-18 21:22 . 2006-10-01 13:44 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-08-08_15.59.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-13 13:22 . 2010-08-13 13:22 16384 c:\windows\temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-27 26112]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-27 7168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 528384]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-4-12 884838]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rob399\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rob\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Rob\\My Documents\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-08 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [2007-03-28 12798152]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-08-13 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ROBS_PC-Rob).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-09-27 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\xa62z737.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,3c,da,7b,39,6f,7f,b3,a4,e5,e1,c0,14,5f,93,01,18,dc,11,1c,85,19,a3,
ce,b2,85,42,49,fe,49,98,de,dd,51,fd,4c,11,2d,71,a6,f4,5e,f2,bf,ee,dd,ae,67,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\License information*]
"datasecu"=hex:e1,4d,2d,b6,16,e7,39,57,ab,55,5e,d8,87,ef,02,3e,9d,af,39,29,ab,
0d,62,cf,b5,b7,e4,f8,ee,43,8b,62,17,d2,54,64,dc,72,22,1b,6f,cd,0d,a6,72,62,\
"rkeysecu"=hex:5b,b1,f1,96,e6,e7,05,7e,0c,23,86,99,20,fc,03,4c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-13 14:36:19
ComboFix-quarantined-files.txt 2010-08-13 13:36
ComboFix2.txt 2010-08-09 21:02
ComboFix3.txt 2010-08-08 16:01
ComboFix4.txt 2010-08-08 15:47

Pre-Run: 5,807,132,672 bytes free
Post-Run: 5,792,796,672 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 02FFBC80CEA5F7EE0B5DDC4DB5FBDF80


ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=eb5c47f58ec9364695d2e7e20eb00a6f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-13 03:16:56
# local_time=2010-08-13 04:16:56 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=crash
# scanned=93739
# found=40
# cleaned=40
# scan_time=4034
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ATP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\Local Settings\Application Data\av.exe a variant of Win32/Kryptik.CJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rob\Desktop\GooredFix Backups\C\Documents and Settings\Administrator\Local Settings\Application Data\{3D8B6F79-97D7-40A1-85BB-DD2902F64883}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rob\My Documents\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\NetMeeting\comp.exe probably a variant of Win32/Genetik trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Rob\autorun.inf.vir INF/Autorun virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Rob\Application Data\Heriih\toup.exe.vir Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Rob\Local Settings\Application Data\MSASCui.exe.vir a variant of Win32/Kryptik.CSB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Rob\Local Settings\Application Data\jqyuwnusn\xexcfqitssd.exe.vir Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Rob\Local Settings\Application Data\{6502847E-AD16-4D91-867A-4009295CF7C6}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\DOCUME~1\Rob\LOCALS~1\Temp\oggdw96sx.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\ajovupoqoxevuqa.dll.vir a variant of Win32/Cimag.BQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\asmcu4fbq.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\bri5b913.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\d5ytv35.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ho4ndjbsu.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\kwok5s.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmvji.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mcuuxpbs.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msls51.dll.vir a variant of Win32/Kryptik.CMD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\niqscu.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\q7032w.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\qvedt7.dll.vir probably a variant of Win32/Agent.BUEJTQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rk67xrw.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rrh7v.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\smqdzle.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\t6ymgwvuzk.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tc5d5.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\va7jms3j75.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\warning.html.vir Win32/TrojanDownloader.FakeAlert.ATP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\x8bwdetn3x.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xlt89.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\y0azio.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HYQTCNO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000385.exe a variant of Win32/Kryptik.CJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000388.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000389.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000390.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\hlp.dat Win32/Bamital.DP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C




Re: Antivir Solution Pro
How is the machine running now?

