Please ignore previous post. Managed to obtain both logs, as follows:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gary at 22:16:53.96 on 27/04/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1518 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Qcudoa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Users\Gary\AppData\Local\smo.exe
C:\Users\Gary\AppData\Local\temp\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Gary\AppData\Local\temp\mdm.exe
C:\Users\Gary\AppData\Local\temp\iexplarer.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\attrib.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Windows\login.exe
C:\Users\Gary\AppData\Local\temp\smss.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Gary\AppData\Local\temp\ngnlaq7c.exe
C:\Users\Gary\AppData\Local\temp\wrw94t6.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Gary\AppData\Local\Temp\Qjw.exe
C:\Users\Gary\AppData\Local\Temp\Qju.exe
F:\dds.scr
F:\dds.scr
F:\dds.scr
F:\dds.scr
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Users\Gary\AppData\Local\temp\system.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/1/hi/business/default.stm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = ;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\acvtrwgg\iikgcwmw.exe
BHO: c:\windows\system32\h2y6sb2hgl.dll: {e1b220c3-a500-99bd-a121-04b53a2c8952} - c:\windows\system32\h2y6sb2hgl.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Google Update] "c:\users\gary\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [D1T2EUR7FZ] c:\users\gary\appdata\local\temp\Qju.exe
uRun: [NtWqIVLZEWZU] c:\users\gary\appdata\local\temp\Qjw.exe
uRun: [dAmLSTWYyWMb] c:\programdata\dAmLSTWYyWMb.exe
uRun: [Oveyunazil] rundll32.exe "c:\users\gary\appdata\local\vcsret.dll",Startup
uRun: [LvdhiejlvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
uRun: [Mqsrc] c:\windows\login.exe
uRun: [Lvdhiejlrf] c:\users\gary\appdata\local\temp\smss.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [LvdhiejlsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
uRun: [Mqva] c:\windows\win.exe
uRun: [Lvdhiejlqc] c:\users\gary\appdata\local\temp\win.exe
uRun: [Mqvpe] c:\windows\winamp.exe
uRun: [Lvdhiejlndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
uRun: [LvdhiejlqZ] c:\users\gary\appdata\local\temp\msmgm.exe
uRun: [Mqvre] c:\windows\wininst.exe
uRun: [Lvdhiejlk+] c:\users\gary\appdata\local\temp\gdi32.exe
uRun: [Lvdhiejlotc] c:\users\gary\appdata\local\temp\hexdump.exe
uRun: [Lvdhiejlhb] c:\users\gary\appdata\local\temp\debug.exe
uRun: [Lvdhiejloc] c:\users\gary\appdata\local\temp\avp.exe
uRun: [Lvdhiejlna] c:\users\gary\appdata\local\temp\login.exe
uRun: [Lvdhiejlpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
uRun: [Mqvsc] c:\windows\winlogon.exe
uRun: [Lvdhiejlqvc] c:\users\gary\appdata\local\temp\svchost.exe
uRun: [Lvdhiejlmc] c:\users\gary\appdata\local\temp\mdm.exe
uRun: [MqpSc] c:\windows\avp32.exe
uRun: [Lvdhiejlqe] c:\users\gary\appdata\local\temp\setup.exe
uRun: [MqqZ] c:\windows\cmd.exe
uRun: [MqsZ] c:\windows\mdm.exe
uRun: [Lvdhiejlrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
uRun: [Lvdhiejlupc] c:\users\gary\appdata\local\temp\sysedit.exe
uRun: [Mqrta] c:\windows\install.exe
uRun: [LvdhiejlqW] c:\users\gary\appdata\local\temp\drweb.exe
uRun: [Lvdhiejlq+] c:\users\gary\appdata\local\temp\win32.exe
uRun: [Lvdhiejlqse] c:\users\gary\appdata\local\temp\winlogon.exe
uRun: [Lvdhiejlpe] c:\users\gary\appdata\local\temp\csrss.exe
uRun: [Lvdhiejlqb] c:\users\gary\appdata\local\temp\winamp.exe
uRun: [Mqqoc] c:\windows\debug.exe
uRun: [Mque] c:\windows\user.exe
uRun: [Lvdhiejlqf] c:\users\gary\appdata\local\temp\user.exe
uRun: [2EOETFM3W2] c:\windows\Qcudoa.exe
uRun: [Mqruqc] c:\windows\iexplarer.exe
uRun: [Lvdhiejlo+] c:\users\gary\appdata\local\temp\avp32.exe
uRun: [Lvdhiejlkc] c:\users\gary\appdata\local\temp\cmd.exe
uRun: [Mqrtc] c:\windows\hexdump.exe
uRun: [Lvdhiejlora] c:\users\gary\appdata\local\temp\iexplarer.exe
uRun: [Mqpe] c:\windows\avp.exe
uRun: [Lvdhiejtpe] c:\users\gary\appdata\local\temp\csrss.exe
uRun: [Lvdhiejthb] c:\users\gary\appdata\local\temp\debug.exe
uRun: [Lvdhiejtupc] c:\users\gary\appdata\local\temp\sysedit.exe
uRun: [Lvdhiejtqvc] c:\users\gary\appdata\local\temp\wininst.exe
uRun: [Lvdhiejto+] c:\users\gary\appdata\local\temp\avp32.exe
uRun: [LvdhiejtqW] c:\users\gary\appdata\local\temp\drweb.exe
uRun: [LvdhiejtsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
uRun: [Lvdhiejtpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
uRun: [LvdhiejtqZ] c:\users\gary\appdata\local\temp\msmgm.exe
uRun: [Lvdhiejtna] c:\users\gary\appdata\local\temp\login.exe
uRun: [Lvdhiejtk+] c:\users\gary\appdata\local\temp\gdi32.exe
uRun: [Lvdhiejtndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
uRun: [Lvdhiejtq+] c:\users\gary\appdata\local\temp\win32.exe
uRun: [Lvdhiejtqc] c:\users\gary\appdata\local\temp\win.exe
uRun: [Lvdhiejtrf] c:\users\gary\appdata\local\temp\smss.exe
uRun: [Lvdhiejtqf] c:\users\gary\appdata\local\temp\user.exe
uRun: [Lvdhiejtotc] c:\users\gary\appdata\local\temp\hexdump.exe
uRun: [Lvdhiejtkc] c:\users\gary\appdata\local\temp\cmd.exe
uRun: [Lvdhiejtrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
uRun: [Lvdhiejtoc] c:\users\gary\appdata\local\temp\avp.exe
uRun: [Lvdhiejtqb] c:\users\gary\appdata\local\temp\winamp.exe
uRun: [Lvdhiejtqse] c:\users\gary\appdata\local\temp\winlogon.exe
uRun: [Lvdhiejtora] c:\users\gary\appdata\local\temp\iexplarer.exe
uRun: [Lvdhiejtmc] c:\users\gary\appdata\local\temp\mdm.exe
uRun: [LvdhiejtvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
uRun: [Lvdhiejtqe] c:\users\gary\appdata\local\temp\setup.exe
uRun: [MqvPc] c:\windows\win16.exe
uRun: [Lvdhiejlub] c:\users\gary\appdata\local\temp\sysmgm.exe
uRun: [Lvdhiejlne] c:\users\gary\appdata\local\temp\lsass.exe
uRun: [Lvdhiejtub] c:\users\gary\appdata\local\temp\sysmgm.exe
uRun: [Lvdhiejtne] c:\users\gary\appdata\local\temp\lsass.exe
uRun: [Lvdhiejlprc] c:\users\gary\appdata\local\temp\install.exe
uRun: [Lvdhiejlppf] c:\users\gary\appdata\local\temp\services.exe
uRun: [Mqqsc] c:\windows\drweb.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Lvdhiejlud] c:\users\gary\appdata\local\temp\system.exe
uRun: [Lvdhiejtppf] c:\users\gary\appdata\local\temp\services.exe
uRun: [Lvdhiejtud] c:\users\gary\appdata\local\temp\system.exe
uRun: [Lvdhiejtprc] c:\users\gary\appdata\local\temp\install.exe
uRun: [Mquvc] c:\windows\setup.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [
]
mRun: [LvdhiejlvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
mRun: [Mqsrc] c:\windows\login.exe
mRun: [Lvdhiejlrf] c:\users\gary\appdata\local\temp\smss.exe
mRun: [MqrMc] c:\windows\gdi32.exe
mRun: [LvdhiejlsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
mRun: [Mqva] c:\windows\win.exe
mRun: [Lvdhiejlqc] c:\users\gary\appdata\local\temp\win.exe
mRun: [Mqvpe] c:\windows\winamp.exe
mRun: [Lvdhiejlndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
mRun: [LvdhiejlqZ] c:\users\gary\appdata\local\temp\msmgm.exe
mRun: [Mqvre] c:\windows\wininst.exe
mRun: [Lvdhiejlk+] c:\users\gary\appdata\local\temp\gdi32.exe
mRun: [Lvdhiejlotc] c:\users\gary\appdata\local\temp\hexdump.exe
mRun: [Lvdhiejlhb] c:\users\gary\appdata\local\temp\debug.exe
mRun: [Lvdhiejloc] c:\users\gary\appdata\local\temp\avp.exe
mRun: [Lvdhiejlna] c:\users\gary\appdata\local\temp\login.exe
mRun: [Lvdhiejlpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
mRun: [Mqvsc] c:\windows\winlogon.exe
mRun: [Lvdhiejlqvc] c:\users\gary\appdata\local\temp\svchost.exe
mRun: [Lvdhiejlmc] c:\users\gary\appdata\local\temp\mdm.exe
mRun: [MqpSc] c:\windows\avp32.exe
mRun: [Lvdhiejlqe] c:\users\gary\appdata\local\temp\setup.exe
mRun: [MqqZ] c:\windows\cmd.exe
mRun: [MqsZ] c:\windows\mdm.exe
mRun: [Lvdhiejlrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
mRun: [Lvdhiejlupc] c:\users\gary\appdata\local\temp\sysedit.exe
mRun: [Mqrta] c:\windows\install.exe
mRun: [LvdhiejlqW] c:\users\gary\appdata\local\temp\drweb.exe
mRun: [Eyedejef] rundll32.exe "c:\users\gary\appdata\local\usucoxicak.dll",Startup
mRun: [Lvdhiejlq+] c:\users\gary\appdata\local\temp\win32.exe
mRun: [Lvdhiejlqse] c:\users\gary\appdata\local\temp\winlogon.exe
mRun: [Lvdhiejlpe] c:\users\gary\appdata\local\temp\csrss.exe
mRun: [Lvdhiejlqb] c:\users\gary\appdata\local\temp\winamp.exe
mRun: [Mqqoc] c:\windows\debug.exe
mRun: [Mque] c:\windows\user.exe
mRun: [Lvdhiejlqf] c:\users\gary\appdata\local\temp\user.exe
mRun: [Mqruqc] c:\windows\iexplarer.exe
mRun: [Lvdhiejlo+] c:\users\gary\appdata\local\temp\avp32.exe
mRun: [Lvdhiejlkc] c:\users\gary\appdata\local\temp\cmd.exe
mRun: [Mqrtc] c:\windows\hexdump.exe
mRun: [Lvdhiejlora] c:\users\gary\appdata\local\temp\iexplarer.exe
mRun: [Mqpe] c:\windows\avp.exe
mRun: [Lvdhiejtpe] c:\users\gary\appdata\local\temp\csrss.exe
mRun: [Lvdhiejthb] c:\users\gary\appdata\local\temp\debug.exe
mRun: [Lvdhiejtupc] c:\users\gary\appdata\local\temp\sysedit.exe
mRun: [Lvdhiejtqvc] c:\users\gary\appdata\local\temp\wininst.exe
mRun: [Lvdhiejto+] c:\users\gary\appdata\local\temp\avp32.exe
mRun: [LvdhiejtqW] c:\users\gary\appdata\local\temp\drweb.exe
mRun: [LvdhiejtsPc] c:\users\gary\appdata\local\temp\nvsvc32.exe
mRun: [Lvdhiejtpsc] c:\users\gary\appdata\local\temp\taskmgr.exe
mRun: [LvdhiejtqZ] c:\users\gary\appdata\local\temp\msmgm.exe
mRun: [Lvdhiejtna] c:\users\gary\appdata\local\temp\login.exe
mRun: [Lvdhiejtk+] c:\users\gary\appdata\local\temp\gdi32.exe
mRun: [Lvdhiejtndb] c:\users\gary\appdata\local\temp\ngnlaq7c.exe
mRun: [Lvdhiejtq+] c:\users\gary\appdata\local\temp\win32.exe
mRun: [Lvdhiejtqc] c:\users\gary\appdata\local\temp\win.exe
mRun: [Lvdhiejtrf] c:\users\gary\appdata\local\temp\smss.exe
mRun: [Lvdhiejtqf] c:\users\gary\appdata\local\temp\user.exe
mRun: [Lvdhiejtotc] c:\users\gary\appdata\local\temp\hexdump.exe
mRun: [Lvdhiejtkc] c:\users\gary\appdata\local\temp\cmd.exe
mRun: [Lvdhiejtrxc] c:\users\gary\appdata\local\temp\spoolsv.exe
mRun: [Lvdhiejtoc] c:\users\gary\appdata\local\temp\avp.exe
mRun: [Lvdhiejtqb] c:\users\gary\appdata\local\temp\winamp.exe
mRun: [Lvdhiejtqse] c:\users\gary\appdata\local\temp\winlogon.exe
mRun: [Lvdhiejtmc] c:\users\gary\appdata\local\temp\mdm.exe
mRun: [Lvdhiejtora] c:\users\gary\appdata\local\temp\iexplarer.exe
mRun: [LvdhiejtvFc] c:\users\gary\appdata\local\temp\wrw94t6.exe
mRun: [Lvdhiejtqe] c:\users\gary\appdata\local\temp\setup.exe
mRun: [MqvPc] c:\windows\win16.exe
mRun: [Lvdhiejlub] c:\users\gary\appdata\local\temp\sysmgm.exe
mRun: [Lvdhiejlne] c:\users\gary\appdata\local\temp\lsass.exe
mRun: [Lvdhiejtub] c:\users\gary\appdata\local\temp\sysmgm.exe
mRun: [Lvdhiejtne] c:\users\gary\appdata\local\temp\lsass.exe
mRun: [Lvdhiejlprc] c:\users\gary\appdata\local\temp\install.exe
mRun: [Lvdhiejlppf] c:\users\gary\appdata\local\temp\services.exe
mRun: [Mqqsc] c:\windows\drweb.exe
mRun: [Lvdhiejlud] c:\users\gary\appdata\local\temp\system.exe
mRun: [Lvdhiejtppf] c:\users\gary\appdata\local\temp\services.exe
mRun: [Lvdhiejtud] c:\users\gary\appdata\local\temp\system.exe
mRun: [Lvdhiejtprc] c:\users\gary\appdata\local\temp\install.exe
mRun: [Mquvc] c:\windows\setup.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxp://email.sjp.co.uk/exchweb/controls/DAX.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo3.sjp.co.uk/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: c:\windows\system32\h2y6sb2hgl.dll: {e1b220c3-a500-99bd-a121-04b53a2c8952} - c:\windows\system32\h2y6sb2hgl.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\nwemyndf.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/1/hi/business/default.stm
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gary\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {793F27D7-D86E-433A-8440-72EA535BA2C0} - c:\users\gary\appdata\local\{793F27D7-D86E-433A-8440-72EA535BA2C0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? AntiVirSchedulerService;Avira AntiVir Scheduler
R? AntiVirService;Avira AntiVir Guard
R? avgntflt;avgntflt
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? ggflt;SEMC USB Flash Driver Filter
R? JMCR;JMCR
R? McComponentHostService;McAfee Security Scan Component Host Service
R? mferkdet;McAfee Inc. mferkdet
R? Micorsoft Windows Service;Micorsoft Windows Service
R? s0016bus;Sony Ericsson Device 0016 driver (WDM)
R? s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter
R? s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver
R? s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
R? s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
R? s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface
R? s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/06 09:07:44]
S? AESTFilters;Andrea ST Filters Service
S? avgio;avgio
S? Com4QLBEx;Com4QLBEx
S? enecir;ENE CIR Receiver
S? FontCache;Windows Font Cache Service
S? hpsrv;HP Service
S? McAfeeEngineService;McAfee Engine Service
S? McAfeeFramework;McAfee Framework Service
S? McShield;McAfee McShield
S? McTaskManager;McAfee Task Manager
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? Net6IM;Net6
S? nsverctl;Citrix Secure Access Client Service
S? OMSI download service;Sony Ericsson OMSI download service
S? RapportBuka;RapportBuka
S? RapportCerberus_25973;RapportCerberus_25973
S? RapportKELL;RapportKELL
S? RapportPG;RapportPG
S? Recovery Service for Windows;Recovery Service for Windows
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? seehcri;Sony Ericsson seehcri Device Driver
S? TVCapSvc;TV Background Capture Service (TVBCS)
S? TVSched;TV Task Scheduler (TVTS)
S? usbfilter;AMD USB Filter Driver
.
=============== Created Last 30 ================
.
2011-04-23 10:54:06 15968 ---h--w- c:\windows\setup.exe
2011-04-23 08:51:19 192512 --sha-w- c:\windows\system32\o4g8s.dll
2011-04-23 08:51:17 516096 --sha-w- c:\users\gary\appdata\local\smo.exe
2011-04-23 08:36:31 16188 ---h--w- c:\windows\drweb.exe
2011-04-23 01:13:34 16188 ---h--w- c:\windows\win16.exe
2011-04-23 01:12:58 730454 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-23 01:06:39 487424 ---ha-w- c:\progra~2\44031752.exe
2011-04-22 23:59:11 15936 ---h--w- c:\windows\hexdump.exe
2011-04-22 23:59:10 15936 ---h--w- c:\windows\avp.exe
2011-04-22 23:59:02 16188 ---h--w- c:\windows\iexplarer.exe
2011-04-22 23:58:25 -------- d--h--w- c:\program files\acvtrwgg
2011-04-22 23:46:08 0 ---ha-w- c:\users\gary\appdata\local\Pzujexamecus.bin
2011-04-22 23:45:59 -------- d--h--w- c:\users\gary\appdata\local\{793F27D7-D86E-433A-8440-72EA535BA2C0}
2011-04-22 23:43:07 15936 ---h--w- c:\windows\user.exe
2011-04-22 23:43:06 16188 ---h--w- c:\windows\debug.exe
2011-04-22 23:37:37 16188 ---h--w- c:\windows\winlogon.exe
2011-04-22 23:37:35 15936 ---h--w- c:\windows\cmd.exe
2011-04-22 23:37:25 15936 ---h--w- c:\windows\install.exe
2011-04-22 23:37:23 15936 ---h--w- c:\windows\avp32.exe
2011-04-22 23:37:22 16188 ---h--w- c:\windows\mdm.exe
2011-04-22 23:37:14 16188 ---h--w- c:\windows\win.exe
2011-04-22 23:37:10 16188 ---h--w- c:\windows\wininst.exe
2011-04-22 23:37:06 15936 ---h--w- c:\windows\gdi32.exe
2011-04-22 23:37:04 16188 ---h--w- c:\windows\winamp.exe
2011-04-22 23:37:03 15968 ---h--w- c:\windows\login.exe
2011-04-22 23:36:43 50000 ---ha-w- c:\windows\system32\h2y6sb2hgl.dll
2011-04-22 23:36:34 -------- d--h--w- c:\users\gary\appdata\roaming\Ufisva
2011-04-22 23:36:34 -------- d--h--w- c:\users\gary\appdata\roaming\Mola
2011-04-22 23:36:23 569344 ---ha-w- c:\progra~2\dAmLSTWYyWMb.exe
2011-04-22 23:36:21 116224 ---ha-w- c:\windows\Qcudoa.exe
2011-04-22 23:36:19 -------- d--h--w- c:\users\gary\appdata\roaming\Voroy
2011-04-22 23:36:19 -------- d--h--w- c:\users\gary\appdata\roaming\Osysu
2011-04-22 23:36:17 -------- d--h--w- c:\users\gary\appdata\roaming\Yhxumo
2011-04-22 23:36:17 -------- d--h--w- c:\users\gary\appdata\roaming\Foux
2011-04-22 23:36:16 50000 ---ha-w- c:\windows\system32\tnp93gtmzj.dll
2011-04-22 23:35:48 106496 --sha-r- c:\windows\system32\hpf3l082R.dll
2011-04-22 23:13:34 -------- d--h--w- c:\users\gary\appdata\local\{7758A47C-C86B-4E2C-83E6-79E58AAEBF9A}
2011-04-22 12:56:36 7071056 ---ha-w- c:\progra~2\microsoft\windows defender\definition updates\{994595f2-d7f2-4230-935a-f2afa5bc8dc8}\mpengine.dll
2011-04-21 06:33:31 -------- d--h--w- c:\users\gary\appdata\local\{3EC1E9C4-A524-42BD-938B-3171D89737EF}
2011-04-16 10:35:25 -------- d--h--w- c:\users\gary\appdata\roaming\eBookPro6
2011-04-15 06:35:46 -------- d--h--w- c:\users\gary\appdata\local\Trusteer
2011-04-14 19:41:50 -------- d--h--w- c:\users\gary\appdata\local\{9FAB8413-801F-4239-896A-4421DA68A31D}
2011-04-14 07:00:34 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 07:00:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 07:00:10 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 07:00:10 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-04-14 07:00:09 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-14 07:00:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-14 07:00:08 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-04-14 07:00:08 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 07:00:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-14 07:00:07 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-04-14 07:00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-04-14 07:00:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-14 07:00:06 197632 ----a-w- c:\program files\internet explorer\IEShims.dll
2011-04-14 07:00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-14 07:00:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 07:00:00 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 06:59:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 06:59:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 06:59:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 06:58:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 06:58:57 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 06:58:26 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 06:58:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 06:58:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 06:57:54 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 06:57:53 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 06:57:22 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 06:56:49 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 06:56:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 06:56:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-13 06:36:49 -------- d--h--w- c:\users\gary\appdata\local\{3D0D1CA9-EC5C-4FC5-BF88-8941531D629A}
2011-04-12 06:42:04 -------- d--h--w- c:\users\gary\appdata\local\{401CFF5A-57AB-489C-9687-79DF50A3CE5F}
2011-04-11 16:53:57 -------- d--h--w- c:\users\gary\appdata\local\{2046F1F7-BF64-4BAF-B369-6BB40CC5088C}
2011-04-11 16:53:05 -------- d--h--w- c:\program files\Avanquest update
2011-04-11 16:53:04 -------- d--h--w- c:\progra~2\Avanquest
2011-04-09 07:40:20 -------- d--h--w- c:\users\gary\appdata\local\{31CF7293-F09D-4F7A-AC8A-00AD9AEDA83D}
2011-04-05 07:21:58 -------- d--h--w- c:\users\gary\appdata\local\{BD4D0FD9-1A21-4B76-A336-2198CC08ACBB}
2011-04-04 06:21:49 -------- d--h--w- c:\users\gary\appdata\local\{6FF39C19-0B69-4053-8035-77C0BDE8BB2A}
2011-04-03 09:08:31 -------- d--h--w- c:\windows\Hewlett-Packard
2011-04-03 08:58:11 -------- d--h--w- c:\users\gary\appdata\local\{AF919ACD-E643-46DD-BD62-B841B8BF3439}
2011-04-02 07:47:45 -------- d--h--w- c:\users\gary\appdata\local\{0299F461-CBAB-48BA-B34B-76DA633D2DFF}
2011-04-01 17:30:59 -------- d--h--w- c:\users\gary\appdata\roaming\HpUpdate
2011-03-30 09:08:23 -------- d--h--w- c:\users\gary\appdata\local\{376AA7A2-EF79-4739-A3F3-CAF7B0C18E79}
.
==================== Find3M ====================
.
2011-04-11 17:03:25 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 17:11:20 222080 ---h--w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:26:26.49 ===============