Full Version: Search Engines not working correctly
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
Keithuk
Hi guys/gals.

I made a post in The Lounge yesterday about this subject and Hazel suggested I read and follow each instruction in the Before You Post! topic. I've read and followed all the instructions in the text. Note: the Malwarebytes' Anti-Malware download link doesn't work, nor does a direct link to http://www.malwarebytes.org/.

I've had this problem for the past week. The search engines haven't been working as they should. I use Google as my home page and what normally happens is you enter some words to search for and you get the results listed below. If you click on one of the links, the same tab opens that site up, and if you click the back button you go back to the original list. What has been happening recently is you click on a link and a new window opens and you get some obscure search engine up, or you get porn. I don't mind the porn, only when I'm searching for it.

These are mainly forums that I visit, and sometimes I get a warning coming up (picture attached). I didn't know I had any Microsoft Internet Security installed, or is this just a scam? If I OK the site it wants to download a setup.exe, which I did once and then scanned, but I haven't bothered to install it until I know what is happening. You know how on a normal search engine, as you type away, you get a list of words associated with it to help the search? I don't see that anymore.

I use the Yahoo toolbar so I installed the Anti-Spyware program and did a full scan but nothing showed up. I've done a couple of full scans with Avast and nothing shows there either.

Anyway, I've run The_Comedian.exe, funny. I've run TFC.exe, Rooter.exe, OTL.exe and RootRepeal.exe and here are their reports.

Rooter_1.txt
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 16 Model 4 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:298 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 14:53.57
Path : C:\CD\Malware\Rooter.exe
User : Keith ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (728)
______ \??\C:\WINDOWS\system32\csrss.exe (780)
______ \??\C:\WINDOWS\system32\winlogon.exe (816)
______ C:\WINDOWS\system32\services.exe (860)
______ C:\WINDOWS\system32\lsass.exe (872)
______ C:\WINDOWS\system32\Ati2evxx.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1064)
______ C:\WINDOWS\system32\svchost.exe (1136)
______ C:\WINDOWS\System32\svchost.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1364)
______ C:\WINDOWS\system32\svchost.exe (1440)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1484)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1532)
______ C:\WINDOWS\system32\Ati2evxx.exe (1600)
______ C:\WINDOWS\Explorer.EXE (1856)
______ C:\WINDOWS\RTHDCPL.EXE (244)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (568)
______ C:\WINDOWS\system32\spoolsv.exe (576)
______ C:\WINDOWS\system32\ctfmon.exe (620)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (688)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (1088)
______ C:\WINDOWS\system32\svchost.exe (1920)
______ C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (1372)
______ C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (1716)
______ C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE (1796)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1892)
______ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (2152)
______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2352)
______ C:\WINDOWS\system32\wdfmgr.exe (2408)
______ \\?\globalroot\systemroot\system32\msihost.exe (2496)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3048)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (3124)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (3224)
______ C:\WINDOWS\system32\wscntfy.exe (3340)
______ C:\WINDOWS\System32\alg.exe (3868)
______ C:\PROGRA~1\Yahoo!\browser\ycommon.exe (2576)
______ C:\CD\Malware\Rooter.exe (3464)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:500096991744)
\Device\Harddisk0\Partition2 (Start_Offset:500097024000 | Length:8225280)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Keith\Favorites\Misc\Administrator password crack.url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 14:53.59
.
C:\Rooter$\Rooter_1.txt - (26/08/2009 | 14:53.59).c


OTL.Txt
OTL logfile created on: 26/08/2009 14:59:27 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\CD\Malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 298.39 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULTIMA-WARLORD
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/02 18:04:08 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/07/02 18:04:08 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/01/13 07:37:06 | 18,084,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2002/01/29 13:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2009/02/05 13:43:26 | 00,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2008/12/18 17:23:46 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2007/02/10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - File not found --
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/26 12:14:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\CD\Malware\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/07/02 18:04:08 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/07/02 12:12:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/01/29 13:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2009/02/05 13:43:26 | 00,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/18 17:23:46 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2007/02/10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2005/10/14 11:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [Disabled | Stopped])
SRV - [2007/05/18 20:53:29 | 00,407,152 | ---- | M] (CODEMASTERS) -- C:\WINDOWS\System32\pr2ah4nc.exe -- (pr2ah4nc [Auto | Stopped])
SRV - [2007/02/10 14:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - File not found -- -- (Windows MSI [Auto | Start_Pending])
SRV - [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2007/04/16 16:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/07/02 18:49:32 | 04,125,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/26 14:49:56 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/15 11:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running])
DRV - [2005/08/15 11:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running])
DRV - [2009/01/20 11:53:06 | 05,027,840 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [1998/07/01 14:28:20 | 00,005,088 | ---- | M] (TTR Technologies Ltd.) -- C:\WINDOWS\System32\drivers\IosLink.sys -- (IOSLINK [Auto | Running])
DRV - [2008/11/04 03:21:04 | 00,083,296 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2004/01/06 16:57:24 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2009/03/25 11:50:02 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2009/03/25 11:49:57 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2009/08/09 00:49:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2007/05/18 20:53:01 | 00,064,880 | ---- | M] (CODEMASTERS) -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc [Boot | Running])
DRV - [2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2007/05/18 20:52:38 | 00,055,160 | ---- | M] (CODEMASTERS) -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc [Boot | Running])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/12/25 10:32:32 | 03,721,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService [On_Demand | Running])
DRV - [2008/10/30 14:14:20 | 00,117,888 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2004/01/06 16:57:24 | 00,887,431 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\winachcf.sys -- (Winachcf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?p=us
IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\System32\dvmurl.dll (DeviceVM Inc.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 09:28:53 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (2nd &Speech Center) - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\Program Files\2nd Speech Center\tts4ie.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Digital Video Driver] File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunServices: [Digital Video Driver] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Explorer.lnk = C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Keith\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (Installation Support)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/b...bcontrol028.cab (webhelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.85,85.255.112.180
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/25 11:11:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e3207750-9026-11de-a2c2-00241d74369b}\Shell - "" = AutoRun
O33 - MountPoints2\{e3207750-9026-11de-a2c2-00241d74369b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3207750-9026-11de-a2c2-00241d74369b}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: wuauserv - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/26 14:53:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/26 14:44:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/26 14:44:06 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\Keith\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/26 14:43:57 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\NTREGOPT.lnk
[2009/08/26 14:43:57 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\ERUNT.lnk
[2009/08/26 14:43:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 17:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/08/25 17:50:58 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/08/25 17:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/08/24 20:13:58 | 00,000,000 | ---D | C] -- C:\My Documents
[2009/08/24 14:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\Hasbro
[2009/08/24 09:46:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Keith\Application Data\SecuROM
[2009/08/24 09:46:55 | 00,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/08/24 09:45:55 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tomb Raider - Anniversary.lnk
[2009/08/24 09:42:28 | 00,000,000 | ---D | C] -- C:\Program Files\Tomb Raider - Anniversary
[2009/08/24 08:34:33 | 00,143,360 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ImageDrive.cpl
[2009/08/23 13:09:22 | 00,001,697 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\Colin McRae Rally 4.lnk
[2009/08/23 13:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\Colin McRae Rally 4
[2009/08/23 12:22:54 | 00,000,000 | ---D | C] -- C:\VB.Net
[2009/08/23 12:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/23 12:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/08/23 12:06:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/08/23 12:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/08/23 12:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/08/23 12:02:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft Help
[2009/08/23 12:01:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/08/23 12:01:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/08/23 12:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/08/23 12:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/08/21 07:54:46 | 00,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/08/21 07:54:46 | 00,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2009/08/21 07:54:45 | 00,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/08/21 07:54:45 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/08/21 07:54:45 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/08/21 07:54:44 | 00,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/08/21 07:54:44 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/08/21 07:54:41 | 06,049,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/08/21 07:54:41 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/08/21 07:54:41 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/08/21 07:54:39 | 00,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/08/21 07:54:39 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/08/21 07:54:38 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/08/21 07:54:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/08/21 07:54:37 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/08/21 07:54:37 | 00,475,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/08/21 07:54:37 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/08/21 07:54:37 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/08/21 07:54:37 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/08/21 07:54:37 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/08/21 07:54:37 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/08/21 07:54:36 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/08/21 07:54:32 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/08/21 07:54:32 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/08/21 07:54:32 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/08/21 07:54:31 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/08/21 07:54:28 | 01,817,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/08/21 07:54:28 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/08/21 07:54:27 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/08/21 07:54:27 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/08/21 07:54:27 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/08/21 07:54:27 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/08/21 07:54:26 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/08/21 07:54:25 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/08/21 07:54:25 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/08/21 07:54:24 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/08/21 07:54:24 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/08/21 07:54:24 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/08/21 07:54:24 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/08/21 07:54:24 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/08/21 07:54:23 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/08/21 07:54:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/08/21 07:54:21 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/08/21 07:54:21 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/08/21 07:54:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/08/21 07:38:27 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/21 07:38:27 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/21 07:38:27 | 00,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 07:38:26 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/21 07:38:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/21 07:38:22 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/21 07:38:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/21 07:38:21 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/21 07:38:21 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/21 07:38:09 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/21 07:38:09 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/21 07:28:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2009/08/20 22:48:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/08/20 15:00:06 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/20 15:00:06 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/20 14:56:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/20 13:18:35 | 00,084,992 | ---- | C] () -- C:\WINDOWS\System32\msihost.exe
[2009/08/20 02:10:37 | 00,000,857 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\Unreal Tournament 2004.lnk
[2009/08/20 01:55:54 | 00,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 2004
[2009/08/19 11:32:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Codemasters
[2009/08/19 11:23:00 | 00,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae DiRT.lnk
[2009/08/19 11:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\Colin McRae Dirt
[2009/08/19 11:05:05 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\F1 2006.lnk
[2009/08/19 11:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\F1_2006
[2009/08/18 21:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/08/18 21:54:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2009/08/18 21:54:45 | 00,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2009/08/18 21:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Jasc Software Inc
[2009/08/18 20:59:56 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009/08/17 22:19:42 | 00,000,847 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\Unreal Tournament 3.lnk
[2009/08/17 11:45:03 | 00,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2009/08/17 11:45:03 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2009/08/17 11:38:23 | 00,001,475 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae Rally 2005.lnk
[2009/08/17 11:38:14 | 00,000,000 | ---D | C] -- C:\Program Files\Colin McRae Rally 2005
[2009/08/15 22:35:31 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Genius
[2009/08/15 22:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/08/15 20:57:10 | 01,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx
[2009/08/15 20:57:10 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
[2009/08/15 19:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Detective
[2009/08/15 19:59:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Downloaded Installations
[2009/08/15 19:44:27 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smb3w.dll
[2009/08/15 19:44:27 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2009/08/15 19:44:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smb0w.dll
[2009/08/15 19:44:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2009/08/15 19:44:27 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbbatt.sys
[2009/08/15 19:44:27 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbclass.sys
[2009/08/15 19:44:27 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbhc.sys
[2009/08/15 17:39:26 | 00,000,000 | ---D | C] -- C:\Program Files\Flash Saving Plugin
[2009/08/15 11:29:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\WinRAR
[2009/08/14 20:30:24 | 00,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2009/08/14 20:26:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Google
[2009/08/14 19:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\InstallShield Installation Information
[2009/08/13 16:31:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Google
[2009/08/13 16:24:31 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/08/13 15:43:07 | 00,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3
[2009/08/13 00:05:51 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\ieframe.oca
[2009/08/12 16:21:17 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/08/12 16:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/11 17:12:00 | 00,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quake 4.lnk
[2009/08/11 17:08:18 | 00,000,000 | ---D | C] -- C:\Program Files\Quake 4
[2009/08/11 17:04:34 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/08/11 15:02:19 | 00,000,357 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2009/08/11 15:01:03 | 00,000,000 | ---D | C] -- C:\Program Files\VeryPDF PDF2Word v3.0
[2009/08/11 08:43:13 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/11 08:43:12 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/11 00:47:08 | 00,138,975 | ---- | C] () -- C:\WINDOWS\System32\calc32
[2009/08/11 00:43:14 | 01,343,532 | ---- | C] () -- C:\WINDOWS\System32\calc32.exe
[2009/08/09 14:10:51 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\Half-Life 2.lnk
[2009/08/09 14:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/08/09 14:02:45 | 00,000,000 | ---D | C] -- C:\Program Files\Half Life 2
[2009/08/09 00:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/09 00:49:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wpcap.dll
[2009/08/09 00:49:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\packet.dll
[2009/08/09 00:49:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\npf.sys
[2009/08/08 15:01:07 | 00,000,657 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\Doom 3.lnk
[2009/08/08 15:00:37 | 01,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2009/08/08 15:00:37 | 01,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2009/08/08 15:00:37 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/08 15:00:37 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009/08/08 15:00:37 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/08/08 15:00:37 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/08/08 15:00:37 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2009/08/08 15:00:37 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/08/08 15:00:37 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/08/08 15:00:37 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/08/08 15:00:37 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/08/08 15:00:37 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2009/08/08 15:00:37 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009/08/08 15:00:37 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/08/08 15:00:37 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/08/08 15:00:37 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2009/08/08 15:00:37 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/08/08 15:00:37 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/08/08 15:00:37 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2009/08/08 15:00:37 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009/08/08 15:00:37 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/08/08 15:00:37 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/08/08 15:00:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/08/08 15:00:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/08/08 15:00:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/08/08 15:00:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/08/08 15:00:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/08/08 15:00:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009/08/08 15:00:37 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2009/08/08 15:00:37 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/08/08 15:00:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/08/08 15:00:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/08/08 15:00:37 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/08/08 15:00:37 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/08/08 15:00:37 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2009/08/08 15:00:37 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/08/08 15:00:37 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2009/08/08 15:00:37 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/08/08 15:00:36 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2009/08/08 15:00:36 | 00,524,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2009/08/08 15:00:36 | 00,382,976 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2009/08/08 15:00:36 | 00,377,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2009/08/08 15:00:36 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2009/08/08 15:00:36 | 00,276,480 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2009/08/08 15:00:36 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2009/08/08 15:00:36 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2009/08/08 15:00:36 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/08 15:00:36 | 00,177,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2009/08/08 15:00:36 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2009/08/08 15:00:36 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2009/08/08 15:00:36 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2009/08/08 15:00:36 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2009/08/08 15:00:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2009/08/08 15:00:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2009/08/08 15:00:36 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2009/08/08 15:00:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2009/08/08 15:00:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2009/08/08 15:00:36 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2009/08/08 15:00:36 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2009/08/08 15:00:36 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/08/08 15:00:36 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/08/08 15:00:35 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2009/08/08 15:00:35 | 01,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2009/08/08 15:00:35 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2009/08/08 15:00:35 | 00,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2009/08/08 15:00:35 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2009/08/08 15:00:35 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2009/08/08 15:00:35 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2009/08/08 15:00:35 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2009/08/08 15:00:35 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2009/08/08 15:00:35 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2009/08/08 15:00:35 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2009/08/08 15:00:35 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2009/08/08 15:00:35 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2009/08/08 15:00:35 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2009/08/08 15:00:35 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2009/08/08 15:00:35 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2009/08/08 15:00:35 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2009/08/08 15:00:35 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2009/08/08 15:00:35 | 00,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2009/08/08 15:00:35 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2009/08/08 15:00:35 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2009/08/08 15:00:35 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2009/08/08 15:00:35 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2009/08/08 15:00:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2009/08/08 15:00:35 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2009/08/08 15:00:35 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2009/08/08 15:00:35 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2009/08/08 15:00:35 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2009/08/08 15:00:35 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2009/08/08 14:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Doom 3
[2009/08/08 11:29:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Windows Search
[2009/08/08 11:18:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/08/08 11:17:47 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/08/08 11:17:47 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/08/08 11:17:47 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/08/08 01:08:28 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2009/08/08 01:05:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft AutoRoute
[2009/08/07 10:58:19 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/08/07 10:58:19 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/08/07 10:57:44 | 00,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys
[2009/08/07 10:57:43 | 00,719,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bmutil.dll
[2009/08/07 10:57:43 | 00,475,136 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmnet.dll
[2009/08/07 10:57:43 | 00,270,336 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bminstall.dll
[2009/08/07 10:57:43 | 00,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmdumpd.bin
[2009/08/07 10:57:43 | 00,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2009/08/06 20:52:23 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/06 20:43:59 | 00,028,672 | ---- | C] (Keith Stanier) -- C:\Documents and Settings\Keith\Desktop\Memory Checker.exe
[2009/08/06 09:28:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/06 09:28:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/06 09:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/06 09:27:57 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/06 09:27:57 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/06 09:27:57 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/06 09:27:57 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/06 09:27:57 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/06 09:27:57 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/06 09:27:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/05 23:04:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2009/08/05 23:03:49 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/05 23:03:44 | 00,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2009/08/05 23:03:44 | 00,018,333 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2009/08/05 23:03:41 | 00,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2009/08/05 23:03:40 | 00,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/08/05 23:03:39 | 00,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/08/05 23:03:39 | 00,219,120 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/08/05 23:03:38 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/08/05 23:03:37 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/08/05 23:03:37 | 00,197,654 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/05 23:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/08/05 20:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\PCHealth
[2009/08/05 20:28:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/08/05 00:18:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/08/05 00:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/05 00:18:11 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/08/05 00:09:30 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/08/04 20:08:00 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\µTorrent.lnk
[2009/08/04 20:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/08/04 20:07:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\uTorrent
[2009/08/04 19:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\isoHunt
[2009/08/04 19:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Conduit
[2009/08/04 17:23:13 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/08/04 17:23:13 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/08/04 17:23:13 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/04 17:23:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/04 17:23:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/04 17:23:13 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/04 17:23:13 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/04 17:23:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/04 17:23:12 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/08/04 16:17:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Epson
[2009/08/04 16:09:12 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/08/04 15:06:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/08/04 15:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Sun
[2009/08/04 15:06:10 | 00,127,078 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/04 15:06:10 | 00,053,346 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/04 15:06:10 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009/08/04 15:06:10 | 00,049,248 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/04 15:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/04 15:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/08/04 13:43:33 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/08/04 13:43:33 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/08/04 13:43:33 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/08/04 13:43:33 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/08/04 13:43:33 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/08/04 13:43:33 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/08/04 13:43:33 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/08/04 13:43:33 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/08/04 13:43:33 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/08/04 13:43:33 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/08/04 13:43:32 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/08/04 13:43:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/08/04 13:43:32 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/08/04 13:43:32 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/08/04 13:43:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/08/04 13:43:32 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/08/04 13:43:32 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/08/04 13:43:32 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/08/04 13:43:32 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/08/04 13:43:32 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/08/04 13:43:31 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/08/04 13:43:31 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/08/04 13:43:31 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/08/04 13:43:31 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/08/04 13:43:31 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/08/04 13:43:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/08/04 13:43:31 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/08/04 13:43:31 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/08/04 13:43:31 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/08/04 13:43:31 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/08/04 13:43:31 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/08/04 13:43:31 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/08/04 13:43:30 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/08/04 13:43:30 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/08/04 13:43:30 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/08/04 13:43:30 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/08/04 13:43:30 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/08/04 13:43:30 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/08/04 13:43:30 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/08/04 13:43:30 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/08/04 13:43:29 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/08/04 13:43:29 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/08/04 13:43:29 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/08/04 13:43:29 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/08/04 13:43:29 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/08/04 13:43:29 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/08/04 13:43:29 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/08/04 13:43:28 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/08/04 13:43:27 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/08/04 13:43:27 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/08/04 13:43:26 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/08/04 13:43:26 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/08/04 13:43:26 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/08/04 13:43:26 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/08/04 13:43:26 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/08/04 13:43:25 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/08/04 13:43:25 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/08/04 13:43:25 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/08/04 13:43:25 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/08/04 13:43:25 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/08/04 13:43:24 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/08/04 13:43:24 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/08/04 13:43:20 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/08/04 13:43:20 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/08/04 13:43:20 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/08/04 13:43:20 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/08/04 13:43:19 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/08/04 13:43:19 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/08/04 13:43:19 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/08/04 13:43:19 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/08/04 13:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/04 12:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Motive
[2009/08/04 12:51:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/08/04 12:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009/08/04 12:50:48 | 00,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2009/08/04 12:50:21 | 00,218,496 | ---- | C] (British Telecommunications Plc) -- C:\WINDOWS\System32\BTEmailConfig.dll
[2009/08/04 12:50:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\BTV.0000
[2009/08/04 12:49:55 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2009/08/04 12:49:21 | 00,000,000 | ---D | C] -- C:\Program Files\BTHomeHub
[2009/08/04 07:57:07 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/03 23:02:47 | 00,005,088 | ---- | C] (TTR Technologies Ltd.) -- C:\WINDOWS\System32\drivers\IosLink.sys
[2009/08/03 22:58:40 | 00,136,192 | ---- | C] (QSound Labs, Inc.) -- C:\WINDOWS\System32\QMixer.dll
[2009/08/03 22:58:40 | 00,021,126 | ---- | C] () -- C:\WINDOWS\System32\Anc32.vxd
[2009/08/03 22:56:55 | 00,143,872 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iacenc.dll
[2009/08/03 22:04:54 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/03 22:04:54 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/03 22:04:54 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/03 22:00:01 | 00,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae Rally 2.lnk
[2009/08/03 21:59:58 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSOSS.DLL
[2009/08/03 21:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Colin McRae Rally 2
[2009/08/03 01:00:10 | 00,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
[2009/08/03 00:55:51 | 00,000,000 | ---D | C] -- C:\Program Files\IcoFX 1.6
[2009/08/02 23:09:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/08/02 21:59:43 | 00,010,304 | ---- | C] () -- C:\WINDOWS\MSOPrefs.232
[2009/08/02 21:59:43 | 00,004,544 | ---- | C] () -- C:\WINDOWS\MSOClip.232
[2009/08/02 21:51:58 | 07,780,724 | ---- | C] () -- C:\WINDOWS\Scrsave.zip
[2009/08/02 21:19:48 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Assembly
[2009/08/02 21:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/08/02 21:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/02 11:46:46 | 00,000,000 | ---D | C] -- C:\Program Files\PowerDVD 6.0
[2009/08/02 11:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\IcoFX
[2009/08/01 20:19:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/08/01 20:19:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/07/31 10:55:26 | 00,001,590 | ---- | C] () -- C:\Documents and Settings\Keith\Desktop\HijackThis.lnk
[2009/07/31 10:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/07/29 17:39:59 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/07/28 12:17:36 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/07/28 12:14:52 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/07/28 12:14:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/07/28 12:14:51 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/07/28 00:29:48 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpeffects.dll
[2009/07/28 00:12:06 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/07/27 16:11:41 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/07/26 00:25:15 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/07/24 16:00:59 | 00,000,259 | ---- | C] () -- C:\WINDOWS\QBASIC.INI
[2009/07/24 15:31:20 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\INPOUT32.DLL
[2009/07/23 10:38:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/22 23:49:55 | 00,000,108 | ---- | C] () -- C:\WINDOWS\HWEDITOR.INI
[2009/07/22 23:45:47 | 00,001,354 | ---- | C] () -- C:\WINDOWS\Helpwrit.ini
[2009/07/22 23:44:36 | 00,000,057 | ---- | C] () -- C:\WINDOWS\apiload.ini
[2009/07/22 22:49:52 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/07/22 22:49:52 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/07/22 22:49:52 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/07/22 22:46:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/07/22 22:36:29 | 00,000,365 | ---- | C] () -- C:\WINDOWS\infoview.ini
[2009/07/22 22:36:28 | 00,000,189 | ---- | C] () -- C:\WINDOWS\VBA.INI
[2009/07/22 22:09:45 | 00,001,260 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/22 22:09:42 | 00,000,262 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2009/07/22 22:09:29 | 00,003,638 | ---- | C] () -- C:\WINDOWS\SETUPWIZ.INI
[2009/07/22 20:39:01 | 00,000,211 | ---- | C] () -- C:\WINDOWS\Imagedit.ini
[2009/07/22 20:39:01 | 00,000,184 | ---- | C] () -- C:\WINDOWS\Atomic Clock.ini
[2009/07/22 20:39:01 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Soko.ini
[2009/07/22 20:39:01 | 00,000,032 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2009/07/22 20:39:00 | 00,002,351 | ---- | C] () -- C:\WINDOWS\Cdplayer.ini
[2009/07/22 20:39:00 | 00,000,436 | ---- | C] () -- C:\WINDOWS\CDLABEL.INI
[2009/07/22 20:39:00 | 00,000,436 | ---- | C] () -- C:\WINDOWS\CD Case Labeller.ini
[2004/08/04 13:00:00 | 00,004,744 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,233 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/03/22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/03/09 22:56:52 | 00,194,048 | ---- | C] () -- C:\WINDOWS\System32\QCARD32.DLL
[1996/11/18 22:15:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\u2ddisk.dll
[1996/11/18 22:15:52 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[1996/11/18 22:15:46 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[1996/11/18 22:15:28 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll

========== Files - Modified Within 30 Days ==========

[2009/08/26 15:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/26 14:54:12 | 00,663,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/26 14:54:12 | 00,545,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/26 14:54:12 | 00,105,534 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/26 14:49:58 | 00,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/08/26 14:49:56 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009/08/26 14:49:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 14:49:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 14:44:06 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\Keith\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/26 14:43:57 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\NTREGOPT.lnk
[2009/08/26 14:43:57 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\ERUNT.lnk
[2009/08/26 12:50:20 | 00,001,697 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Colin McRae Rally 4.lnk
[2009/08/25 17:27:04 | 00,013,792 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/25 15:36:56 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 11:36:53 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/08/24 20:37:07 | 00,706,871 | ---- | M] () -- C:\My Documents.zip
[2009/08/24 09:46:55 | 00,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/08/24 09:45:55 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tomb Raider - Anniversary.lnk
[2009/08/24 08:47:21 | 00,000,357 | ---- | M] () -- C:\WINDOWS\pdf2word.INI
[2009/08/23 16:08:45 | 00,000,211 | ---- | M] () -- C:\WINDOWS\Imagedit.ini
[2009/08/23 11:50:33 | 00,001,590 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Defraggler.lnk
[2009/08/22 13:12:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/22 03:16:55 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/21 10:26:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/21 10:26:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/21 10:26:33 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/21 07:38:27 | 00,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 07:33:25 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/21 07:33:25 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/21 07:33:25 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/20 14:59:54 | 00,004,744 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/20 13:18:35 | 00,084,992 | ---- | M] () -- C:\WINDOWS\System32\msihost.exe
[2009/08/20 02:10:37 | 00,000,857 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Unreal Tournament 2004.lnk
[2009/08/19 11:28:40 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/19 11:28:33 | 00,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/19 11:23:00 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae DiRT.lnk
[2009/08/19 11:05:30 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\F1 2006.lnk
[2009/08/19 02:38:24 | 06,363,430 | -H-- | M] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\IconCache.db
[2009/08/17 22:19:42 | 00,000,847 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Unreal Tournament 3.lnk
[2009/08/17 17:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 17:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 17:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/17 11:38:23 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae Rally 2005.lnk
[2009/08/17 11:05:28 | 00,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quake 4.lnk
[2009/08/14 20:30:24 | 00,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2009/08/13 15:42:43 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/08/13 00:05:51 | 00,060,928 | ---- | M] () -- C:\WINDOWS\System32\ieframe.oca
[2009/08/12 21:30:59 | 00,000,436 | ---- | M] () -- C:\WINDOWS\CDLABEL.INI
[2009/08/12 21:19:32 | 00,000,056 | ---- | M] () -- C:\WINDOWS\Soko.ini
[2009/08/12 16:16:54 | 00,138,975 | ---- | M] () -- C:\WINDOWS\System32\calc32
[2009/08/12 15:44:51 | 00,000,184 | ---- | M] () -- C:\WINDOWS\Atomic Clock.ini
[2009/08/11 08:43:12 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/11 00:46:15 | 01,343,532 | ---- | M] () -- C:\WINDOWS\System32\calc32.exe
[2009/08/09 21:49:05 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Half-Life 2.lnk
[2009/08/09 00:49:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\wpcap.dll
[2009/08/09 00:49:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\packet.dll
[2009/08/09 00:49:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys
[2009/08/08 15:01:07 | 00,000,657 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\Doom 3.lnk
[2009/08/05 23:49:09 | 00,000,436 | ---- | M] () -- C:\WINDOWS\CD Case Labeller.ini
[2009/08/05 22:53:58 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/08/05 00:09:31 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/08/04 20:08:00 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\µTorrent.lnk
[2009/08/03 22:00:01 | 00,001,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Colin McRae Rally 2.lnk
[2009/08/03 15:53:24 | 00,005,441 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/08/03 15:47:03 | 00,000,189 | ---- | M] () -- C:\WINDOWS\VBA.INI
[2009/08/03 01:00:10 | 00,001,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
[2009/08/02 21:59:47 | 00,010,304 | ---- | M] () -- C:\WINDOWS\MSOPrefs.232
[2009/08/02 21:59:47 | 00,004,544 | ---- | M] () -- C:\WINDOWS\MSOClip.232
[2009/08/02 21:52:00 | 07,780,724 | ---- | M] () -- C:\WINDOWS\Scrsave.zip
[2009/07/31 10:55:26 | 00,001,590 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\HijackThis.lnk
[2009/07/30 20:59:48 | 00,163,840 | ---- | M] (Keith Stanier) -- C:\WINDOWS\System32\PixSS.scr
[2009/07/30 13:10:29 | 00,001,558 | ---- | M] () -- C:\Documents and Settings\Keith\Desktop\CCleaner.lnk
[2009/07/29 17:39:59 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/07/28 23:52:41 | 00,003,539 | ---- | M] () -- C:\WINDOWS\System32\PixSS.cfg
[2009/07/28 21:15:32 | 00,230,912 | ---- | M] () -- C:\WINDOWS\System32\wmp.oca
[2009/07/27 23:33:12 | 00,001,354 | ---- | M] () -- C:\WINDOWS\Helpwrit.ini
[2009/07/27 23:32:28 | 00,000,108 | ---- | M] () -- C:\WINDOWS\HWEDITOR.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC680CD1
< End of report >


Extras.Txt
QUOTE
OTL Extras logfile created on: 26/08/2009 14:59:27 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\CD\Malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 298.39 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULTIMA-WARLORD
Current User Name: Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Doom 3\DOOM3.exe" = C:\Program Files\Doom 3\DOOM3.exe:*:Disabled:Doom_3-1 -- (id Software)
"C:\Program Files\Doom 3\DOOM3DED.exe" = C:\Program Files\Doom 3\DOOM3DED.exe:*:Disabled:Doom_3-2 -- (id Software)
"C:\Program Files\Doom 3\D3ROE3_C.EXE" = C:\Program Files\Doom 3\D3ROE3_C.EXE:*:Disabled:Doom_3-3 -- ()
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus -- File not found
"C:\Program Files\Half Life 2\hl2.exe" = C:\Program Files\Half Life 2\hl2.exe:*:Disabled:Half-Life_2 -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal_Tournament_1 -- ()
"C:\Program Files\Unreal Tournament 3\Binaries\UnrealFrontend.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UnrealFrontend.exe:*:Enabled:Unreal_Tournament_2 -- ()
"C:\Program Files\Unreal Tournament 3\Binaries\UnrealConsole.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UnrealConsole.exe:*:Enabled:Unreal_Tournament_3 -- (Epic Games)
"C:\Program Files\Colin McRae Dirt\DiRT.exe" = C:\Program Files\Colin McRae Dirt\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{090765EE-74A0-4ABB-9B15-4C1F80AB3E10}" = Catalyst Control Center Graphics Full Existing
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1F133B63-B8DD-414D-BF41-7764DFF4374A}_is1" = Colin McRae Rally 4 v1.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{25331195-4E18-11D7-9D73-0008C7223F91}" = Zoom V.92 PCI Voice Faxmodem
"{2576C501-677F-3206-C73C-E4F90F9433C4}" = ccc-core-preinstall
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390B21DF-7C00-8CE2-B205-B199BADCC4B7}" = Catalyst Control Center Graphics Previews Common
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4C35A5B5-940E-B44D-1ADA-52F1FE501FC7}" = Catalyst Control Center Graphics Full New
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{66B4E395-38E3-D233-FB72-EB81DF545985}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{8913BD67-274C-0581-203B-9DA14CE43175}" = ccc-core-static
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A25947EB-D9C2-4D6E-8051-810C913211B5}_is1" = ApiViewer 2004
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A79E6F7D-002A-9B6C-7CB9-60CED94201DA}" = CCC Help English
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB5443C9-A1C7-302A-1C1D-E24191B0E63D}" = Catalyst Control Center HydraVision Full
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E17E6A29-9FC8-30D8-8A33-0614F616A552}" = Catalyst Control Center Core Implementation
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FE6D6D42-6AE2-A259-F8C2-193CCE10C569}" = ccc-utility
"2nd Speech Center_is1" = 2nd Speech Center V3.00.050830
"ActiveX Manager" = ActiveX Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"API-Guide" = API-Guide (remove only)
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"CrystalReports" = Crystal Reports
"Defraggler" = Defraggler (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"LHTTSENG" = L&H TTS3000 British English
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MVApplication1" = DesignExpress for PressIT 32 bit
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Recuva" = Recuva (remove only)
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Train Simulator 1.0" = Microsoft Train Simulator
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall Manager_is1" = Uninstall Manager v4.30
"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 21/08/2009 02:14:09 | Computer Name = ULTIMA-WARLORD | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


[ Application Events ]
Error - 10/08/2009 19:41:32 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:32 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:32 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:33 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:33 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:34 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:35 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:36 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:36 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

Error - 10/08/2009 19:41:37 | Computer Name = ULTIMA-WARLORD | Source = Application Error | ID = 1000
Description = Faulting application winrar380pro.exe, version 0.0.0.0, faulting module
winrar380pro.exe, version 0.0.0.0, fault address 0x00000a89.

[ System Events ]
Error - 26/08/2009 09:14:59 | Computer Name = ULTIMA-WARLORD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 26/08/2009 09:47:31 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/08/2009 09:47:32 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The EpsonBidirectionalService service terminated unexpectedly. It
has done this 1 time(s).

Error - 26/08/2009 09:47:32 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The ES lite Service for program management. service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/08/2009 09:47:32 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The EPSON Printer Status Agent2 service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/08/2009 09:47:32 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 26/08/2009 09:47:33 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 26/08/2009 09:47:33 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/08/2009 09:47:33 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The Windows MSI service terminated unexpectedly. It has done this
1 time(s).

Error - 26/08/2009 09:47:33 | Computer Name = ULTIMA-WARLORD | Source = Service Control Manager | ID = 7034
Description = The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has
done this 1 time(s).


< End of report >


See what you guys/gals think?

I will be very grateful for any help you can give me. wink.gif
Keithuk
I don't believe this s**t. I've just spent 20 minutes making a reply, I clicked on Preview and lost the lot, so here is a brief version.

I found Malwarebytes Anti-Malware 1.40 on FileHippo. I downloaded it, installed it and did a full scan.

Now I'm not sure how it works, as I'm supposedly scanning for malware but occasionally Avast pops up with a virus warning. I click Delete and another message comes up, Delete now, with a checkbox saying Delete on next startup. I click OK and it continues. Now the report says 8 Files Infected, but Avast popped up 10 or 12 times.

mbam-log-2009-08-26 (18-43-47).txt
QUOTE
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

26/08/2009 18:43:58
mbam-log-2009-08-26 (18-43-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 323026
Time elapsed: 1 hour(s), 33 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{affa0d9d-e116-4cf2-96ab-f01a661bccda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{affa0d9d-e116-4cf2-96ab-f01a661bccda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{affa0d9d-e116-4cf2-96ab-f01a661bccda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Downloads\Adobe CS4 Master Collection\Adobe CS4 Keygen.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{1E527E85-FFAB-4048-970F-5B44F102EE17}\RP185\A0062719.exe (Trojan.VbInject) -> No action taken.
C:\System Volume Information\_restore{1E527E85-FFAB-4048-970F-5B44F102EE17}\RP185\A0063725.exe (Trojan.VbInject) -> No action taken.
C:\System Volume Information\_restore{1E527E85-FFAB-4048-970F-5B44F102EE17}\RP185\A0063726.exe (Trojan.VbInject) -> No action taken.
C:\System Volume Information\_restore{1E527E85-FFAB-4048-970F-5B44F102EE17}\RP185\A0063730.exe (Trojan.VbInject) -> No action taken.
C:\System Volume Information\_restore{1E527E85-FFAB-4048-970F-5B44F102EE17}\RP185\A0064735.exe (Rootkit.Dropper) -> No action taken.
C:\WINDOWS\system32\calc32.exe (Trojan.VbInject) -> No action taken.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.


The report says No action taken. I told Avast to delete.

I've deleted calc32.exe and removed ESQULserv.sys (Trojan.Agent) from the registry. I'm not sure about the Tcpip\Parameters entries in the registry. If I delete those, have I lost my connection?

I did a restart and scanned the C:\System Volume Information folder again with Avast and it found 2 more viruses. Now I'm not sure what is in the C:\System Volume Information folder because I don't have access to it; I think it's system restore data. I'm surprised that Defraggler and Avast have access to move and delete files.

Anyway, that's the shortened version. wink.gif
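An added check, my example and not the poster's or Malwarebytes' code, that parses an MBAM 1.x log in the layout quoted above and pulls out the NameServer values flagged as Trojan.DNSChanger, so the planted resolver addresses can be compared with the networks the owner actually expects DNS to come from before anything is deleted. The allowlist network passed in at the bottom is a hypothetical home LAN range (an assumption), and the sample log is a constructed excerpt in the same format as the post. The script only reports; on the affected machine the live value can be read with `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NameServer`. Clearing a rogue static NameServer value does not drop the connection: with NameServer empty, Windows XP falls back to the DHCP-assigned servers recorded in DhcpNameServer beside it, which `ipconfig /all` lists.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and report DNS-changer
resolvers planted in NameServer registry values (added example)."""
import ipaddress
import re

# Constructed sample, laid out like the MBAM 1.40 log in the post above
# and trimmed to the entries the demonstration needs.
SAMPLE_LOG = r"""
Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{affa0d9d-e116-4cf2-96ab-f01a661bccda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.85,85.255.112.180 -> No action taken.

Files Infected:
C:\WINDOWS\system32\calc32.exe (Trojan.VbInject) -> No action taken.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
"""

# One finding line: <path> (<detection>) -> [Data: <data> -> ]<action>
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+)$"
)


def parse_mbam_log(text):
    """Return {section name: [finding dicts]} for every 'Infected:' section."""
    findings = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Registry Data Items Infected"
            findings.setdefault(section, [])
            continue
        if section is None or line.startswith("("):
            continue                     # header noise or "(No malicious items detected)"
        m = ITEM_RE.match(line)
        if m:
            findings[section].append(m.groupdict())
    return findings


def name_server_findings(findings):
    """DNSChanger hits whose registry value is a NameServer entry."""
    return [
        f for f in findings.get("Registry Data Items Infected", [])
        if f["path"].upper().endswith("\\NAMESERVER") and f["data"]
    ]


def rogue_resolvers(findings, allowed_networks):
    """Resolver addresses from NameServer values that fall outside the
    networks the owner expects (ISP or home router). Sorted, as strings."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    rogue = set()
    for f in name_server_findings(findings):
        # XP accepts comma- or space-separated resolver lists
        for token in f["data"].replace(" ", ",").split(","):
            if not token:
                continue
            addr = ipaddress.ip_address(token)
            if not any(addr in net for net in allowed):
                rogue.add(addr)
    return [str(a) for a in sorted(rogue)]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    # Assumed allowlist: a hypothetical home LAN range, not taken from the post.
    for ip in rogue_resolvers(found, ["192.168.1.0/24"]):
        print("rogue resolver:", ip)
    for f in name_server_findings(found):
        print("clear and let DHCP repopulate:", f["path"])
```

Both NameServer hits on the page carry the same two addresses, so the script reports each resolver once and lists every registry path that has to be cleared; the per-interface key under Interfaces\{GUID} is the one TCP/IP actually reads for that adapter.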
Keithuk
Ok, new update. I've deleted everything listed in Malwarebytes and my browser is back to working as it should do. Though I did have 1 of those popup warnings this morning, I haven't seen any since. The browser was the biggest problem.

I would like to thank the one helper in this situation, and I think that person knows who they are. wink.gif
Keithuk
Ok another update.

I was still having the occasional glitch with the search engines, so I did another search for this warning message and there are quite a few answers on another forum I use, http://www.bleepingcomputer.com/forums/. They suggested downloading ComboFix.exe, which you can Google for.

I disabled Avast and ran ComboFix.exe. It does a lot of checks under cmd, then forces a restart, then shows you a log file when it starts up.
CODE
c:\documents and settings\Keith\Favorites\Games.url
c:\recycler\S-1-5-21-9675919055-4621072700-746916928-7219
c:\windows\Fonts\Circlett.ttf
c:\windows\system\VBRAA83.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini


Now I don't know what was wrong with my Games.url; that's an old site I've had for a couple of years. The same goes for Circlett.ttf, I've had that font for a few years. VBRAA83.DLL is used in the older VB apps, and I don't know what's wrong with winhelp.ini?

It also shows what's been installed and when.

Anyway, with every web search I do, when I click on the link it starts a new page in that tab, and no funny sites up to now anyway. wink.gif
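Since ComboFix's "Files Created" listing is really a one-month timeline, here is an added triage script (my example, not ComboFix's or the poster's code) that parses rows in that layout and flags what a responder would look at first: kernel drivers and binaries dropped into system32 inside the incident window, hidden+system directories, and drivers whose modification time predates their creation (copied in with a preserved mtime). The sample rows are copied from the log on this page; the reading of the attribute column (`d` directory, `h` hidden, `s` system) is my assumption about ComboFix's flag letters, and the window dates are chosen for the demonstration.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example)."""
import re
from datetime import datetime

# Constructed sample in the ComboFix row layout used in the post above
# (created . modified  size  attributes  path); rows copied from that log.
SAMPLE_CREATED = r"""
2009-08-30 14:17 . 2009-08-30 14:17    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-08-30 11:22 . 1998-10-29 15:45    306688    ----a-w-    c:\windows\IsUninst.exe
2009-08-26 21:00 . 2009-08-26 21:00    716272    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-08-26 16:07 . 2009-08-03 12:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-26 14:20 . 2009-08-26 14:20    34816    ----a-w-    c:\windows\system32\drivers\rootrepeal.sys
2009-08-24 08:46 . 2009-08-24 08:46    --------    d--h--r-    c:\docume~1\Keith\APPLIC~1\SecuROM
2009-08-11 16:04 . 2009-08-11 16:04    --------    d-sh--w-    c:\windows\ftpcache
2009-08-07 09:58 . 2008-04-13 23:15    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
"""

ROW_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)


def parse_created(text):
    """Turn ComboFix 'Files Created' rows into timeline entries."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "size": None if d["size"].startswith("-") else int(d["size"]),
            # assumed flag letters: d=directory, h=hidden, s=system
            "is_dir": d["attrs"][0] == "d",
            "hidden": "h" in d["attrs"],
            "system": "s" in d["attrs"],
            "path": d["path"].lower(),
        })
    return entries


def triage(entries, start, end):
    """Flag entries created between start and end ("YYYY-MM-DD" strings).
    Returns a list of (path, [reasons]) for entries with at least one reason."""
    lo = datetime.strptime(start, "%Y-%m-%d")
    hi = datetime.strptime(end, "%Y-%m-%d").replace(hour=23, minute=59)
    flagged = []
    for e in entries:
        if not (lo <= e["created"] <= hi):
            continue
        reasons = []
        is_driver = e["path"].endswith(".sys")
        if is_driver:
            reasons.append("kernel driver")
        if ("\\windows\\system32\\" in e["path"] and not e["is_dir"]
                and not is_driver and "\\dllcache\\" not in e["path"]):
            reasons.append("binary dropped in system32")
        if e["is_dir"] and e["hidden"] and e["system"]:
            reasons.append("hidden+system directory")
        if is_driver and e["modified"] < e["created"]:
            reasons.append("driver copied in with older mtime")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    # Window chosen for the demonstration: the month the symptoms appeared.
    for path, why in triage(parse_created(SAMPLE_CREATED), "2009-08-01", "2009-08-31"):
        print(path, "->", ", ".join(why))
```

Expect the known tools to show up too (mbam.sys and rootrepeal.sys were installed by the scans the poster ran, sptd.sys arrived with Alcohol 120 the same evening); the point of the list is to tie every flagged driver to an install you can account for, and treat any you cannot as the next thing to investigate.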
SpySentinel
If you are getting help at Bleeping Computer I can close this topic for you. If not, and you would like help, please post the ComboFix log here.

Thanks,
Spy
Keithuk
Hi Spy.

Well, I've been using BC for 3 or 4 years and I hadn't really searched on there for this problem. I did a general web search for the words in Warning.jpg and there were 2 or 3 links to that forum, so I just clicked on and had a read. BC Search. They suggested using ComboFix.exe.

Another forum, TechSupportForum, shows the same warning picture that I get and they suggest ComboFix.exe, so I tried it.

To be honest with you, you're the only person that has answered this topic and 132 have read it. I had a little help from Hazel initially, saying please read the Before You Post ! topic, which I did and followed all instructions, but I still had the same problem.

I did an update to this topic yesterday after using ComboFix and my web browser searches were working as they should do. I'm after any help I can get on this subject; if you don't like me mentioning other computer forums or you think it's Resolved, then you can close this topic.

I'm still not convinced its fixed. sad.gif

ComboFix log
CODE
ComboFix 09-08-29.01 - Keith 30/08/2009 22:31.1.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2814.2271 [GMT 1:00]
Running from: c:\cd\Malware\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090830-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keith\Favorites\Games.url
c:\recycler\S-1-5-21-9675919055-4621072700-746916928-7219
c:\windows\Fonts\Circlett.ttf
c:\windows\system\VBRAA83.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-30  )))))))))))))))))))))))))))))))
.

2009-08-30 14:17 . 2009-08-30 14:17    --------    d-----w-    c:\program files\Sun
2009-08-30 14:17 . 2009-08-30 14:17    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-08-30 14:17 . 2009-08-30 14:17    --------    d-----w-    c:\program files\Java
2009-08-30 11:22 . 1998-10-29 15:45    306688    ----a-w-    c:\windows\IsUninst.exe
2009-08-27 20:49 . 2009-08-30 11:39    --------    d-----w-    c:\temp\Tomb Raider Underworld
2009-08-27 19:06 . 2009-08-27 19:06    14460    ----a-w-    c:\temp\cc_20090827_200606.reg
2009-08-27 11:50 . 2009-08-27 12:03    --------    d-----w-    c:\temp\Hex Editor4
2009-08-27 11:50 . 2009-08-27 12:02    --------    d-----w-    c:\temp\Hex Editor3
2009-08-27 11:50 . 2009-08-27 20:52    --------    d-----w-    c:\temp\Hex Editor2
2009-08-27 11:50 . 2006-04-17 15:11    81762    ----a-w-    c:\temp\HexEditor4.zip
2009-08-27 11:50 . 2006-04-17 15:11    30194    ----a-w-    c:\temp\HexEditor3.zip
2009-08-27 11:50 . 2003-04-21 21:30    27999    ----a-w-    c:\temp\HexEditor2.zip
2009-08-26 21:03 . 2008-02-22 11:30    334792    ----a-w-    c:\windows\system32\_AxShlEx.dll
2009-08-26 21:02 . 2009-08-26 21:32    --------    d-----w-    c:\program files\Alcohol 120
2009-08-26 21:00 . 2009-08-26 21:00    716272    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-08-26 16:07 . 2009-08-26 16:07    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Malwarebytes
2009-08-26 16:07 . 2009-08-03 12:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 16:07 . 2009-08-26 17:45    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-26 16:07 . 2009-08-26 16:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-26 16:07 . 2009-08-03 12:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-26 14:20 . 2009-08-26 14:20    34816    ----a-w-    c:\windows\system32\drivers\rootrepeal.sys
2009-08-26 13:43 . 2009-08-26 13:44    --------    d-----w-    c:\program files\ERUNT
2009-08-25 16:58 . 2009-08-25 16:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\CA
2009-08-25 16:50 . 2009-08-25 16:53    --------    d-----w-    c:\program files\CA Yahoo! Anti-Spy
2009-08-25 16:46 . 2009-08-25 16:50    --------    d-----w-    c:\program files\Common Files\Scanner
2009-08-24 19:13 . 2009-08-30 20:07    --------    d-----w-    C:\My Documents
2009-08-24 13:57 . 2009-08-24 13:57    --------    d-----w-    c:\temp\New Folder
2009-08-24 13:49 . 2009-08-24 13:49    --------    d-----w-    c:\program files\Hasbro
2009-08-24 08:46 . 2009-08-24 08:46    --------    d--h--r-    c:\docume~1\Keith\APPLIC~1\SecuROM
2009-08-24 08:46 . 2009-08-24 08:46    108144    ----a-w-    c:\windows\system32\CmdLineExt.dll
2009-08-23 15:00 . 2009-08-29 19:50    --------    d-----w-    c:\temp\CMR4
2009-08-23 11:22 . 2009-08-23 11:29    --------    d-----w-    C:\VB.Net
2009-08-23 11:08 . 2009-08-23 11:08    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-08-23 11:06 . 2009-08-23 11:06    --------    d-----w-    c:\program files\MSXML 6.0
2009-08-23 11:06 . 2009-08-23 11:08    --------    d-----w-    c:\program files\Microsoft SQL Server
2009-08-23 11:03 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2009-08-23 11:03 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2009-08-23 11:03 . 2009-08-23 11:03    187808    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-08-23 11:02 . 2009-08-23 11:02    416    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-08-23 11:02 . 2009-08-23 11:02    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Microsoft Help
2009-08-23 11:01 . 2009-08-23 11:07    --------    d-----w-    c:\program files\Microsoft.NET
2009-08-23 11:01 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft Visual Studio 9.0
2009-08-23 11:01 . 2009-08-23 11:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-23 11:01 . 2009-08-23 11:01    --------    d-----w-    c:\program files\Microsoft SDKs
2009-08-21 06:38 . 2009-08-17 16:04    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-08-21 06:38 . 2009-08-17 16:04    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-08-21 06:38 . 2009-08-17 16:03    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-21 06:38 . 2009-08-17 16:05    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-08-21 06:38 . 2009-08-17 16:05    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-08-21 06:38 . 2009-08-17 16:02    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-08-21 06:38 . 2009-08-17 16:06    93392    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-08-21 06:38 . 2009-08-17 16:06    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-08-21 06:38 . 2009-08-17 16:10    1279456    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-21 06:28 . 2009-08-21 06:28    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-08-21 06:28 . 2009-08-21 06:28    --------    d-----w-    c:\program files\MSN Messenger
2009-08-20 00:55 . 2009-08-21 06:26    --------    d-----w-    c:\program files\Unreal Tournament 2004
2009-08-19 17:47 . 2009-08-19 17:48    185820    ----a-w-    c:\temp\Ut3.zip
2009-08-19 16:08 . 2009-08-19 17:54    97563    ----a-w-    c:\temp\Microsoft Internet Explorer 7.0.zip
2009-08-19 10:32 . 2009-08-19 10:32    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Codemasters
2009-08-19 10:11 . 2009-08-21 06:23    --------    d-----w-    c:\program files\Colin McRae Dirt
2009-08-19 10:03 . 2009-08-19 10:04    --------    d-----w-    c:\program files\F1_2006
2009-08-18 20:55 . 2009-08-18 20:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\InstallShield
2009-08-18 20:54 . 2009-08-18 20:55    --------    d-----w-    c:\program files\Common Files\Jasc Software Inc
2009-08-18 20:54 . 2009-08-18 20:56    --------    d-----w-    c:\program files\Jasc Software Inc
2009-08-18 20:54 . 2009-08-18 20:54    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Jasc Software Inc
2009-08-18 19:59 . 2008-01-21 16:43    13576    ----a-w-    c:\windows\system32\wnaspi32.dll
2009-08-17 20:28 . 2009-08-19 17:48    --------    d-----w-    c:\temp\UT3
2009-08-17 10:45 . 2001-05-16 16:54    309616    ----a-w-    c:\windows\system32\wmv8dmod.dll
2009-08-17 10:38 . 2004-08-26 21:41    13902186    ----a-w-    c:\temp\protect.dll
2009-08-17 10:38 . 2004-08-26 21:36    2554368    ----a-w-    c:\temp\CMR5.EXE
2009-08-17 10:38 . 2009-08-17 10:46    --------    d-----w-    c:\program files\Colin McRae Rally 2005
2009-08-15 21:35 . 2009-08-15 22:10    --------    d-----w-    c:\program files\Driver Genius
2009-08-15 21:10 . 2009-08-15 21:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\ATI
2009-08-15 19:57 . 2004-06-14 13:56    427864    ----a-w-    c:\windows\system32\XceedZip.dll
2009-08-15 18:59 . 2009-08-17 16:14    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Downloaded Installations
2009-08-15 18:44 . 2004-08-03 22:07    6912    ----a-w-    c:\windows\system32\smbclass.sys
2009-08-15 18:44 . 2004-08-03 22:07    16128    ----a-w-    c:\windows\system32\smbbatt.sys
2009-08-15 18:44 . 2001-08-17 21:36    45568    -c--a-w-    c:\windows\system32\dllcache\smb3w.dll
2009-08-15 18:44 . 2001-08-17 21:36    45568    ----a-w-    c:\windows\system32\smb3w.dll
2009-08-15 18:44 . 2001-08-17 21:36    33792    -c--a-w-    c:\windows\system32\dllcache\smb0w.dll
2009-08-15 18:44 . 2001-08-17 21:36    33792    ----a-w-    c:\windows\system32\smb0w.dll
2009-08-15 18:44 . 2001-08-17 12:57    6784    ----a-w-    c:\windows\system32\smbhc.sys
2009-08-14 18:26 . 2009-08-14 18:26    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\InstallShield Installation Information
2009-08-14 15:13 . 2009-08-14 15:13    --------    d-----w-    c:\temp\Water Effect
2009-08-13 15:31 . 2009-08-27 06:54    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Google
2009-08-13 15:24 . 2009-08-27 06:48    --------    d-----w-    c:\program files\Google
2009-08-13 14:43 . 2009-08-17 21:07    --------    d-----w-    c:\program files\Unreal Tournament 3
2009-08-13 13:07 . 2009-05-09 10:14    3248128    ----a-w-    c:\temp\LauncherDialogDLL.dll
2009-08-12 23:05 . 2009-08-12 23:05    --------    d-----w-    c:\temp\Visual Basic 6 Black Book Source Code
2009-08-12 15:21 . 2003-03-18 19:20    1060864    ----a-w-    c:\windows\system32\MFC71.dll
2009-08-12 15:21 . 2009-08-12 15:21    --------    d-----w-    c:\program files\Alwil Software
2009-08-11 16:08 . 2009-08-11 16:11    --------    d-----w-    c:\program files\Quake 4
2009-08-11 16:04 . 2009-08-11 16:04    --------    d-sh--w-    c:\windows\ftpcache
2009-08-11 14:01 . 2009-08-11 14:01    --------    d-----w-    c:\program files\VeryPDF PDF2Word v3.0
2009-08-11 08:00 . 2009-08-30 11:51    --------    d-----w-    c:\temp\CDLabel Pics
2009-08-11 07:43 . 2009-08-11 07:43    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-08-11 00:10 . 2009-08-15 21:28    62960    ----a-w-    c:\temp\Address Book.zip
2009-08-10 16:30 . 2009-08-10 18:16    --------    d-----w-    c:\temp\Hanoi Puzzle
2009-08-10 13:24 . 2009-08-10 18:21    --------    d-----w-    c:\temp\Resize Controls2
2009-08-09 13:42 . 2009-08-27 20:57    --------    d-----w-    c:\temp\Doom3
2009-08-09 13:02 . 2009-08-09 13:40    --------    d-----w-    c:\program files\Steam
2009-08-09 13:02 . 2009-08-09 13:10    --------    d-----w-    c:\program files\Half Life 2
2009-08-09 00:18 . 2002-12-01 11:13    35497    ----a-w-    c:\temp\Hanoi Puzzle.zip
2009-08-08 23:49 . 2009-08-25 11:25    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 13:50 . 2009-08-08 14:01    --------    d-----w-    c:\program files\Doom 3
2009-08-08 10:29 . 2009-08-08 10:29    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Windows Search
2009-08-08 10:18 . 2009-08-08 10:18    --------    d-----w-    c:\windows\system32\GroupPolicy
2009-08-08 10:17 . 2008-03-07 17:02    98304    -c----w-    c:\windows\system32\dllcache\nlhtml.dll
2009-08-08 10:17 . 2008-03-07 17:02    29696    -c----w-    c:\windows\system32\dllcache\mimefilt.dll
2009-08-08 10:17 . 2008-03-07 17:02    192000    -c----w-    c:\windows\system32\dllcache\offfilt.dll
2009-08-08 00:08 . 2009-08-08 00:08    --------    d-----w-    c:\program files\ScanSoft
2009-08-08 00:05 . 2009-08-08 00:05    --------    d-----w-    c:\program files\Microsoft AutoRoute
2009-08-07 18:36 . 2009-08-07 18:36    23856    ----a-w-    c:\temp\Water Effect.zip
2009-08-07 09:58 . 2008-04-13 23:15    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2009-08-07 09:58 . 2008-04-13 23:15    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2009-08-07 09:57 . 2008-02-11 16:07    18816    ----a-w-    c:\windows\system32\drivers\tcpipBM.sys
2009-08-07 09:57 . 2008-02-11 16:08    475136    ----a-w-    c:\windows\system32\bmnet.dll
2009-08-07 09:57 . 2008-02-11 16:08    270336    ----a-w-    c:\windows\system32\bminstall.dll
2009-08-07 09:57 . 2008-02-11 16:08    126976    ----a-w-    c:\windows\system32\bmdumpd.bin
2009-08-07 09:57 . 2008-02-11 16:05    8464    ----a-w-    c:\windows\system32\sporder.dll
2009-08-07 09:57 . 2008-02-11 16:05    719360    ----a-w-    c:\windows\system32\bmutil.dll
2009-08-06 08:28 . 2009-08-06 08:28    --------    d-----w-    c:\windows\system32\XPSViewer
2009-08-06 08:28 . 2009-08-06 08:28    --------    d-----w-    c:\program files\MSBuild
2009-08-06 08:28 . 2009-08-06 08:28    --------    d-----w-    c:\program files\Reference Assemblies
2009-08-06 08:27 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 21:36 . 2009-07-23 13:20    16608    ----a-w-    c:\windows\gdrv.sys
2009-08-30 11:31 . 2009-07-22 18:10    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-25 22:36 . 2009-07-22 22:40    143456    ----a-w-    c:\documents and settings\Keith\Favorites.zip
2009-08-25 16:50 . 2009-07-25 23:25    --------    d-----w-    c:\program files\Yahoo!
2009-08-24 19:37 . 2009-07-23 14:52    706871    ----a-w-    C:\My Documents.zip
2009-08-24 16:11 . 2009-07-22 17:38    --------    d-----w-    c:\program files\My Documents
2009-08-23 11:51 . 2009-07-22 22:31    --------    d-----w-    c:\program files\API-Guide
2009-08-21 06:27 . 2009-07-26 08:58    --------    d-----w-    c:\program files\Windows Media Connect 2
2009-08-19 10:28 . 2009-07-22 18:15    33280    ----a-w-    c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:54 . 2009-07-22 18:09    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-08-17 20:44 . 2009-07-22 18:50    --------    d-----w-    c:\program files\Common Files\Adobe
2009-08-14 13:32 . 2009-07-22 20:36    --------    d-----w-    c:\program files\Realtek
2009-08-14 13:22 . 2009-07-23 13:21    --------    d-----w-    c:\program files\Gigabyte
2009-07-30 19:59 . 2009-07-22 18:56    163840    ----a-w-    c:\windows\system32\PixSS.scr
2009-07-27 13:40 . 2009-07-22 16:47    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-26 14:23 . 2009-07-26 14:03    --------    d-----w-    c:\program files\Grand Prix 4
2009-07-26 09:31 . 2009-07-26 09:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-26 09:27 . 2009-07-26 09:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-26 09:24 . 2009-07-26 09:24    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Yahoo!
2009-07-24 19:20 . 2009-07-24 19:20    --------    d-----w-    c:\program files\NetWaiting
2009-07-24 19:19 . 2009-07-24 19:19    --------    d-----w-    c:\program files\Zoom
2009-07-24 14:10 . 2009-07-22 18:33    --------    d-----w-    c:\program files\Recuva
2009-07-24 11:40 . 2009-07-22 21:08    --------    d-----w-    c:\program files\VB3 Decompiler
2009-07-24 11:07 . 2009-07-24 11:07    --------    d-----w-    c:\program files\Microsoft Games
2009-07-23 16:45 . 2009-07-23 16:45    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\CyberLink
2009-07-23 16:44 . 2009-07-23 16:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\CyberLink
2009-07-23 13:22 . 2009-07-23 13:22    --------    d-----w-    c:\program files\AMD
2009-07-23 13:22 . 2009-07-23 13:22    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\InstallShield
2009-07-23 11:18 . 2009-07-22 22:10    --------    d-----w-    c:\program files\Web Publish
2009-07-23 09:33 . 2009-07-23 09:31    --------    d-----w-    c:\program files\Uninstall Manager
2009-07-22 22:52 . 2009-07-22 18:02    --------    d-----w-    c:\program files\Serials 2000 7.2
2009-07-22 22:35 . 2009-07-22 22:35    --------    d-----w-    c:\program files\XMgr
2009-07-22 22:33 . 2009-07-22 22:32    --------    d-----w-    c:\program files\ApiViewer 2004
2009-07-22 22:16 . 2009-07-22 22:16    123143    ----a-w-    c:\windows\Help\hhcolreg.dat
2009-07-22 22:06 . 2009-07-22 22:06    --------    d-----w-    c:\program files\Press It
2009-07-22 21:49 . 2009-07-22 21:49    --------    d-----w-    c:\program files\Common Files\EPSON
2009-07-22 21:48 . 2009-07-22 21:48    --------    d-----w-    c:\program files\EPSON
2009-07-22 21:45 . 2009-07-22 21:45    --------    d-----w-    c:\program files\Snapshot Viewer
2009-07-22 21:44 . 2009-07-22 21:44    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Microsoft Web Folders
2009-07-22 21:44 . 2009-07-22 16:47    --------    d-----w-    c:\program files\microsoft frontpage
2009-07-22 20:11 . 2009-07-22 20:11    --------    d-----w-    c:\program files\2nd Speech Center
2009-07-22 19:55 . 2009-07-22 19:55    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\Ahead
2009-07-22 19:54 . 2009-07-22 19:54    --------    d-----w-    c:\program files\Nero
2009-07-22 19:35 . 2009-07-22 19:35    --------    d-----w-    c:\program files\Biorhythms
2009-07-22 19:32 . 2009-07-22 18:33    --------    d-----w-    c:\program files\CCleaner
2009-07-22 18:39 . 2009-07-22 18:33    --------    d-----w-    c:\program files\Defraggler
2009-07-22 18:35 . 2009-07-22 18:35    --------    d-----w-    c:\program files\Process Explorer
2009-07-22 18:15 . 2009-07-22 18:15    --------    d-----w-    c:\docume~1\Keith\APPLIC~1\ATI
2009-07-22 18:15 . 2009-07-22 18:15    0    ----a-w-    c:\windows\ativpsrm.bin
2009-07-22 18:01 . 2009-07-22 18:01    1510252    ----a-w-    c:\program files\Serials 2000 7.2.zip
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000 7.1 Plus
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000 7.1 Plus New
2009-07-22 17:51 . 2009-07-22 17:51    --------    d-----w-    c:\program files\WinZip Self-Extractor
2009-07-22 16:45 . 2009-07-22 16:45    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-07-14 18:50 . 2009-07-22 19:39    180224    ----a-w-    c:\windows\CD Case Labeller.exe
2009-07-02 17:49 . 2008-07-09 04:45    4125696    ----a-w-    c:\windows\system32\drivers\ati2mtag.sys
2009-07-02 17:24 . 2008-07-09 02:17    335872    ----a-w-    c:\windows\system32\ati2dvag.dll
2009-07-02 17:06 . 2008-07-09 02:07    204800    ----a-w-    c:\windows\system32\atipdlxx.dll
2009-07-02 17:05 . 2008-07-09 02:07    155648    ----a-w-    c:\windows\system32\Oemdspif.dll
2009-07-02 17:05 . 2008-07-09 02:07    26112    ----a-w-    c:\windows\system32\Ati2mdxx.exe
2009-07-02 17:05 . 2008-07-09 02:07    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2009-07-02 17:05 . 2008-07-09 02:07    155648    ----a-w-    c:\windows\system32\ati2evxx.dll
2009-07-02 17:04 . 2008-07-09 02:05    602112    ----a-w-    c:\windows\system32\ati2evxx.exe
2009-07-02 17:02 . 2008-07-09 02:04    53248    ----a-w-    c:\windows\system32\ATIDDC.DLL
2009-07-02 16:56 . 2008-07-09 01:55    3014272    ----a-w-    c:\windows\system32\ati3duag.dll
2009-07-02 16:54 . 2008-07-09 02:02    11698176    ----a-w-    c:\windows\system32\atioglxx.dll
2009-07-02 16:44 . 2008-07-09 01:43    2139904    ----a-w-    c:\windows\system32\ativvaxx.dll
2009-07-02 16:31 . 2009-07-02 16:31    49664    ----a-w-    c:\windows\system32\atimpc32.dll
2009-07-02 16:31 . 2008-07-09 01:30    49664    ----a-w-    c:\windows\system32\amdpcom32.dll
2009-07-02 16:28 . 2008-07-09 01:26    487424    ----a-w-    c:\windows\system32\atikvmag.dll
2009-07-02 16:27 . 2009-07-02 16:27    45056    ----a-w-    c:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26    45056    ----a-w-    c:\windows\system32\aticalcl.dll
2009-07-02 16:26 . 2008-07-09 01:25    151552    ----a-w-    c:\windows\system32\atiadlxx.dll
2009-07-02 16:26 . 2008-07-09 01:25    17408    ----a-w-    c:\windows\system32\atitvo32.dll
2009-07-02 16:25 . 2008-07-09 01:24    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2009-07-02 16:25 . 2009-07-02 16:25    3248128    ----a-w-    c:\windows\system32\aticaldd.dll
2009-07-02 16:24 . 2008-07-09 01:20    376832    ----a-w-    c:\windows\system32\atiok3x2.dll
2009-07-02 16:20 . 2008-07-09 01:18    651264    ----a-w-    c:\windows\system32\ati2cqag.dll
2009-06-29 16:12 . 2004-08-04 12:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00    17408    ----a-w-    c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2007-10-05 18:16 . 2009-07-22 17:58    3068210    ----a-w-    c:\program files\Serials 2000 7.1 Plus New.zip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Keith\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Explorer.lnk - c:\windows\explorer.exe [2004-8-4 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Doom 3\\DOOM3.exe"=
"c:\\Program Files\\Doom 3\\DOOM3DED.exe"=
"c:\\Program Files\\Doom 3\\D3ROE3_C.EXE"=
"c:\\Program Files\\Half Life 2\\hl2.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UnrealFrontend.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UnrealConsole.exe"=
"c:\\Program Files\\Colin McRae Dirt\\DiRT.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18/05/2007 20:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18/05/2007 20:52 55160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/08/2009 07:38 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2009 07:38 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [23/07/2009 14:21 68136]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe --> \\?\c:\systemroot\system32\msihost.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7EE23F98-E7FD-916D-26CE-1053EC702B03}]
c:\windows\system32\calc32.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Digital Video Driver - sdvhost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 22:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1390067357-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-30 22:39 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-30 21:39

Pre-Run: 207,583,735,808 bytes free
Post-Run: 207,469,109,248 bytes free

336    --- E O F ---    2009-08-06 23:18

SpySentinel
Hi Keith, I am happy to help.

The reason I asked about getting help at BC is because, if you are receiving help there, that's good, I can close this. We don't like to have people getting help at two or more places at a time because then that would be confusing for you and would waste our time.


You are right, you are still infected with a rootkit:




1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
Windows MSI

RegLock::
[HKEY_USERS\S-1-5-21-1177238915-1390067357-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Keithuk
QUOTE (SpySentinel @ Aug 31 2009, 06:10 PM)
We don't like to have people getting help at two or more places at a time because then that would be confusing for you and would waste our time.


It's not confusing to me.

Thanks for the tip on dragging commands into ComboFix.exe. You will notice that the only thing it's deleted is my Games.url, which has nothing corrupt in it. It's just a list of old games that I like to extract the old VB2/3 apps from.

Games.url = http://cd.textfiles.com/hotgames/PROGRAMS/

Now, yesterday, before I ran ComboFix.exe, I installed the Recovery Console (Run: e:\i386\winnt32.exe /cmdcons).
Every time it starts up it asks to start Windows XP Professional Normal or Recovery Console. Now that's something I can do without, so I deleted the C:\cmdcons folder and changed the boot.ini back; now it boots normally. This time it said you don't have Recovery Console active, are you sure you want to continue. I just clicked Yes.

Here is the log.
CODE
ComboFix 09-08-31.03 - Keith 31/08/2009 20:12.2.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2814.2242 [GMT 1:00]
Running from: c:\cd\Malware\ComboFix.exe
Command switches used :: c:\cd\Malware\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090831-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keith\Favorites\Games.url

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_MSI
-------\Service_Windows MSI


(((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-31  )))))))))))))))))))))))))))))))
.

2009-08-31 12:13 . 2009-08-31 12:13    --------    d-----w-    c:\temp\embedded_INIs_v2.23
2009-08-31 12:13 . 2009-08-31 12:13    10806    ----a-w-    c:\temp\embedded_INIs_v2.23.zip
2009-08-30 22:17 . 2009-08-30 22:18    --------    d-----w-    c:\temp\VB Helpwriter 16bit 32bit
2009-08-30 22:17 . 2009-08-30 22:49    4648385    ----a-w-    c:\temp\VBHelpWriter32_4.3.3.zip
2009-08-30 14:17 . 2009-08-30 14:17    --------    d-----w-    c:\program files\Sun
2009-08-30 14:17 . 2009-08-30 14:17    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-08-30 14:17 . 2009-08-30 14:17    --------    d-----w-    c:\program files\Java
2009-08-30 11:22 . 1998-10-29 15:45    306688    ----a-w-    c:\windows\IsUninst.exe
2009-08-27 20:49 . 2009-08-30 11:39    --------    d-----w-    c:\temp\Tomb Raider Underworld
2009-08-27 19:06 . 2009-08-27 19:06    14460    ----a-w-    c:\temp\cc_20090827_200606.reg
2009-08-27 11:50 . 2009-08-27 12:03    --------    d-----w-    c:\temp\Hex Editor4
2009-08-27 11:50 . 2009-08-27 12:02    --------    d-----w-    c:\temp\Hex Editor3
2009-08-27 11:50 . 2009-08-27 20:52    --------    d-----w-    c:\temp\Hex Editor2
2009-08-27 11:50 . 2006-04-17 15:11    81762    ----a-w-    c:\temp\HexEditor4.zip
2009-08-27 11:50 . 2006-04-17 15:11    30194    ----a-w-    c:\temp\HexEditor3.zip
2009-08-27 11:50 . 2003-04-21 21:30    27999    ----a-w-    c:\temp\HexEditor2.zip
2009-08-26 21:03 . 2008-02-22 11:30    334792    ----a-w-    c:\windows\system32\_AxShlEx.dll
2009-08-26 21:02 . 2009-08-26 21:32    --------    d-----w-    c:\program files\Alcohol 120
2009-08-26 21:00 . 2009-08-26 21:00    716272    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-08-26 16:07 . 2009-08-26 16:07    --------    d-----w-    c:\documents and settings\Keith\Application Data\Malwarebytes
2009-08-26 16:07 . 2009-08-03 12:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 16:07 . 2009-08-26 17:45    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-26 16:07 . 2009-08-26 16:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-26 16:07 . 2009-08-03 12:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-26 14:20 . 2009-08-26 14:20    34816    ----a-w-    c:\windows\system32\drivers\rootrepeal.sys
2009-08-26 13:43 . 2009-08-26 13:44    --------    d-----w-    c:\program files\ERUNT
2009-08-25 16:58 . 2009-08-25 16:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\CA
2009-08-25 16:50 . 2009-08-25 16:53    --------    d-----w-    c:\program files\CA Yahoo! Anti-Spy
2009-08-25 16:46 . 2009-08-25 16:50    --------    d-----w-    c:\program files\Common Files\Scanner
2009-08-24 19:13 . 2009-08-31 10:50    --------    d-----w-    C:\My Documents
2009-08-24 13:57 . 2009-08-24 13:57    --------    d-----w-    c:\temp\New Folder
2009-08-24 13:49 . 2009-08-24 13:49    --------    d-----w-    c:\program files\Hasbro
2009-08-24 08:46 . 2009-08-24 08:46    --------    d--h--r-    c:\documents and settings\Keith\Application Data\SecuROM
2009-08-24 08:46 . 2009-08-24 08:46    108144    ----a-w-    c:\windows\system32\CmdLineExt.dll
2009-08-23 15:00 . 2009-08-29 19:50    --------    d-----w-    c:\temp\CMR4
2009-08-23 11:22 . 2009-08-23 11:29    --------    d-----w-    C:\VB.Net
2009-08-23 11:08 . 2009-08-23 11:08    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-08-23 11:06 . 2009-08-23 11:06    --------    d-----w-    c:\program files\MSXML 6.0
2009-08-23 11:06 . 2009-08-23 11:08    --------    d-----w-    c:\program files\Microsoft SQL Server
2009-08-23 11:03 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2009-08-23 11:03 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2009-08-23 11:03 . 2009-08-23 11:03    187808    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-08-23 11:02 . 2009-08-23 11:02    416    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-08-23 11:02 . 2009-08-23 11:02    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Microsoft Help
2009-08-23 11:01 . 2009-08-23 11:07    --------    d-----w-    c:\program files\Microsoft.NET
2009-08-23 11:01 . 2009-08-23 11:03    --------    d-----w-    c:\program files\Microsoft Visual Studio 9.0
2009-08-23 11:01 . 2009-08-23 11:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-23 11:01 . 2009-08-23 11:01    --------    d-----w-    c:\program files\Microsoft SDKs
2009-08-21 06:38 . 2009-08-17 16:04    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-08-21 06:38 . 2009-08-17 16:04    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-08-21 06:38 . 2009-08-17 16:03    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-21 06:38 . 2009-08-17 16:05    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-08-21 06:38 . 2009-08-17 16:05    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-08-21 06:38 . 2009-08-17 16:02    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-08-21 06:38 . 2009-08-17 16:06    93392    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-08-21 06:38 . 2009-08-17 16:06    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-08-21 06:38 . 2009-08-17 16:10    1279456    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-21 06:28 . 2009-08-21 06:28    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-08-21 06:28 . 2009-08-21 06:28    --------    d-----w-    c:\program files\MSN Messenger
2009-08-20 00:55 . 2009-08-21 06:26    --------    d-----w-    c:\program files\Unreal Tournament 2004
2009-08-19 17:47 . 2009-08-19 17:48    185820    ----a-w-    c:\temp\Ut3.zip
2009-08-19 16:08 . 2009-08-19 17:54    97563    ----a-w-    c:\temp\Microsoft Internet Explorer 7.0.zip
2009-08-19 10:32 . 2009-08-19 10:32    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Codemasters
2009-08-19 10:11 . 2009-08-21 06:23    --------    d-----w-    c:\program files\Colin McRae Dirt
2009-08-19 10:03 . 2009-08-19 10:04    --------    d-----w-    c:\program files\F1_2006
2009-08-18 20:55 . 2009-08-18 20:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\InstallShield
2009-08-18 20:54 . 2009-08-18 20:55    --------    d-----w-    c:\program files\Common Files\Jasc Software Inc
2009-08-18 20:54 . 2009-08-18 20:56    --------    d-----w-    c:\program files\Jasc Software Inc
2009-08-18 20:54 . 2009-08-18 20:54    --------    d-----w-    c:\documents and settings\Keith\Application Data\Jasc Software Inc
2009-08-18 19:59 . 2008-01-21 16:43    13576    ----a-w-    c:\windows\system32\wnaspi32.dll
2009-08-17 20:28 . 2009-08-19 17:48    --------    d-----w-    c:\temp\UT3
2009-08-17 10:45 . 2001-05-16 16:54    309616    ----a-w-    c:\windows\system32\wmv8dmod.dll
2009-08-17 10:38 . 2004-08-26 21:41    13902186    ----a-w-    c:\temp\protect.dll
2009-08-17 10:38 . 2004-08-26 21:36    2554368    ----a-w-    c:\temp\CMR5.EXE
2009-08-17 10:38 . 2009-08-17 10:46    --------    d-----w-    c:\program files\Colin McRae Rally 2005
2009-08-15 21:35 . 2009-08-15 22:10    --------    d-----w-    c:\program files\Driver Genius
2009-08-15 21:10 . 2009-08-15 21:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\ATI
2009-08-15 19:57 . 2004-06-14 13:56    427864    ----a-w-    c:\windows\system32\XceedZip.dll
2009-08-15 18:59 . 2009-08-17 16:14    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Downloaded Installations
2009-08-15 18:44 . 2004-08-03 22:07    6912    ----a-w-    c:\windows\system32\smbclass.sys
2009-08-15 18:44 . 2004-08-03 22:07    16128    ----a-w-    c:\windows\system32\smbbatt.sys
2009-08-15 18:44 . 2001-08-17 21:36    45568    -c--a-w-    c:\windows\system32\dllcache\smb3w.dll
2009-08-15 18:44 . 2001-08-17 21:36    45568    ----a-w-    c:\windows\system32\smb3w.dll
2009-08-15 18:44 . 2001-08-17 21:36    33792    -c--a-w-    c:\windows\system32\dllcache\smb0w.dll
2009-08-15 18:44 . 2001-08-17 21:36    33792    ----a-w-    c:\windows\system32\smb0w.dll
2009-08-15 18:44 . 2001-08-17 12:57    6784    ----a-w-    c:\windows\system32\smbhc.sys
2009-08-14 18:26 . 2009-08-14 18:26    --------    d-----w-    c:\documents and settings\Keith\Application Data\InstallShield Installation Information
2009-08-14 15:13 . 2009-08-14 15:13    --------    d-----w-    c:\temp\Water Effect
2009-08-13 15:31 . 2009-08-27 06:54    --------    d-----w-    c:\documents and settings\Keith\Local Settings\Application Data\Google
2009-08-13 15:24 . 2009-08-27 06:48    --------    d-----w-    c:\program files\Google
2009-08-13 14:49 . 2009-08-13 14:41    331776    ----a-w-    c:\documents and settings\Keith\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-08-13 14:49 . 2007-10-24 11:47    4147031    ----a-w-    c:\documents and settings\Keith\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ISSetup.dll
2009-08-13 14:43 . 2009-08-17 21:07    --------    d-----w-    c:\program files\Unreal Tournament 3
2009-08-13 13:07 . 2009-05-09 10:14    3248128    ----a-w-    c:\temp\LauncherDialogDLL.dll
2009-08-12 23:05 . 2009-08-12 23:05    --------    d-----w-    c:\temp\Visual Basic 6 Black Book Source Code
2009-08-12 15:21 . 2003-03-18 19:20    1060864    ----a-w-    c:\windows\system32\MFC71.dll
2009-08-12 15:21 . 2009-08-12 15:21    --------    d-----w-    c:\program files\Alwil Software
2009-08-11 16:08 . 2009-08-11 16:11    --------    d-----w-    c:\program files\Quake 4
2009-08-11 16:04 . 2009-08-11 16:04    --------    d-sh--w-    c:\windows\ftpcache
2009-08-11 14:01 . 2009-08-11 14:01    --------    d-----w-    c:\program files\VeryPDF PDF2Word v3.0
2009-08-11 08:00 . 2009-08-30 11:51    --------    d-----w-    c:\temp\CDLabel Pics
2009-08-11 07:43 . 2009-08-11 07:43    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-08-11 00:10 . 2009-08-15 21:28    62960    ----a-w-    c:\temp\Address Book.zip
2009-08-10 16:30 . 2009-08-10 18:16    --------    d-----w-    c:\temp\Hanoi Puzzle
2009-08-10 13:24 . 2009-08-10 18:21    --------    d-----w-    c:\temp\Resize Controls2
2009-08-09 13:42 . 2009-08-27 20:57    --------    d-----w-    c:\temp\Doom3
2009-08-09 13:02 . 2009-08-09 13:40    --------    d-----w-    c:\program files\Steam
2009-08-09 13:02 . 2009-08-09 13:10    --------    d-----w-    c:\program files\Half Life 2
2009-08-09 00:18 . 2002-12-01 11:13    35497    ----a-w-    c:\temp\Hanoi Puzzle.zip
2009-08-08 23:49 . 2009-08-25 11:25    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 13:50 . 2009-08-08 14:01    --------    d-----w-    c:\program files\Doom 3
2009-08-08 10:29 . 2009-08-08 10:29    --------    d-----w-    c:\documents and settings\Keith\Application Data\Windows Search
2009-08-08 10:18 . 2009-08-08 10:18    --------    d-----w-    c:\windows\system32\GroupPolicy
2009-08-08 10:17 . 2008-03-07 17:02    98304    -c----w-    c:\windows\system32\dllcache\nlhtml.dll
2009-08-08 10:17 . 2008-03-07 17:02    29696    -c----w-    c:\windows\system32\dllcache\mimefilt.dll
2009-08-08 10:17 . 2008-03-07 17:02    192000    -c----w-    c:\windows\system32\dllcache\offfilt.dll
2009-08-08 00:08 . 2009-08-08 00:08    --------    d-----w-    c:\program files\ScanSoft
2009-08-08 00:05 . 2009-08-08 00:05    --------    d-----w-    c:\program files\Microsoft AutoRoute
2009-08-07 18:36 . 2009-08-07 18:36    23856    ----a-w-    c:\temp\Water Effect.zip
2009-08-07 09:58 . 2008-04-13 23:15    32128    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2009-08-07 09:58 . 2008-04-13 23:15    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2009-08-07 09:57 . 2008-02-11 16:07    18816    ----a-w-    c:\windows\system32\drivers\tcpipBM.sys
2009-08-07 09:57 . 2008-02-11 16:08    475136    ----a-w-    c:\windows\system32\bmnet.dll
2009-08-07 09:57 . 2008-02-11 16:08    270336    ----a-w-    c:\windows\system32\bminstall.dll
2009-08-07 09:57 . 2008-02-11 16:08    126976    ----a-w-    c:\windows\system32\bmdumpd.bin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 19:18 . 2009-07-23 13:20    16608    ----a-w-    c:\windows\gdrv.sys
2009-08-30 11:31 . 2009-07-22 18:10    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-25 22:36 . 2009-07-22 22:40    143456    ----a-w-    c:\documents and settings\Keith\Favorites.zip
2009-08-25 16:50 . 2009-07-25 23:25    --------    d-----w-    c:\program files\Yahoo!
2009-08-24 19:37 . 2009-07-23 14:52    706871    ----a-w-    C:\My Documents.zip
2009-08-24 16:11 . 2009-07-22 17:38    --------    d-----w-    c:\program files\My Documents
2009-08-23 11:51 . 2009-07-22 22:31    --------    d-----w-    c:\program files\API-Guide
2009-08-21 06:27 . 2009-07-26 08:58    --------    d-----w-    c:\program files\Windows Media Connect 2
2009-08-19 10:28 . 2009-07-22 18:15    33280    ----a-w-    c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:54 . 2009-07-22 18:09    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-08-17 20:44 . 2009-07-22 18:50    --------    d-----w-    c:\program files\Common Files\Adobe
2009-08-14 13:32 . 2009-07-22 20:36    --------    d-----w-    c:\program files\Realtek
2009-08-14 13:22 . 2009-07-23 13:21    --------    d-----w-    c:\program files\Gigabyte
2009-07-30 19:59 . 2009-07-22 18:56    163840    ----a-w-    c:\windows\system32\PixSS.scr
2009-07-27 13:40 . 2009-07-22 16:47    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-26 14:23 . 2009-07-26 14:03    --------    d-----w-    c:\program files\Grand Prix 4
2009-07-26 09:31 . 2009-07-26 09:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-26 09:27 . 2009-07-26 09:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-26 09:24 . 2009-07-26 09:24    --------    d-----w-    c:\documents and settings\Keith\Application Data\Yahoo!
2009-07-24 19:20 . 2009-07-24 19:20    --------    d-----w-    c:\program files\NetWaiting
2009-07-24 19:19 . 2009-07-24 19:19    --------    d-----w-    c:\program files\Zoom
2009-07-24 14:10 . 2009-07-22 18:33    --------    d-----w-    c:\program files\Recuva
2009-07-24 11:40 . 2009-07-22 21:08    --------    d-----w-    c:\program files\VB3 Decompiler
2009-07-24 11:07 . 2009-07-24 11:07    --------    d-----w-    c:\program files\Microsoft Games
2009-07-23 16:45 . 2009-07-23 16:45    --------    d-----w-    c:\documents and settings\Keith\Application Data\CyberLink
2009-07-23 16:44 . 2009-07-23 16:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\CyberLink
2009-07-23 13:22 . 2009-07-23 13:22    --------    d-----w-    c:\program files\AMD
2009-07-23 13:22 . 2009-07-23 13:22    --------    d-----w-    c:\documents and settings\Keith\Application Data\InstallShield
2009-07-23 11:18 . 2009-07-22 22:10    --------    d-----w-    c:\program files\Web Publish
2009-07-23 09:33 . 2009-07-23 09:31    --------    d-----w-    c:\program files\Uninstall Manager
2009-07-22 22:52 . 2009-07-22 18:02    --------    d-----w-    c:\program files\Serials 2000 7.2
2009-07-22 22:35 . 2009-07-22 22:35    --------    d-----w-    c:\program files\XMgr
2009-07-22 22:33 . 2009-07-22 22:32    --------    d-----w-    c:\program files\ApiViewer 2004
2009-07-22 22:16 . 2009-07-22 22:16    123143    ----a-w-    c:\windows\Help\hhcolreg.dat
2009-07-22 22:06 . 2009-07-22 22:06    --------    d-----w-    c:\program files\Press It
2009-07-22 21:49 . 2009-07-22 21:49    --------    d-----w-    c:\program files\Common Files\EPSON
2009-07-22 21:48 . 2009-07-22 21:48    --------    d-----w-    c:\program files\EPSON
2009-07-22 21:45 . 2009-07-22 21:45    --------    d-----w-    c:\program files\Snapshot Viewer
2009-07-22 21:44 . 2009-07-22 21:44    --------    d-----w-    c:\documents and settings\Keith\Application Data\Microsoft Web Folders
2009-07-22 21:44 . 2009-07-22 16:47    --------    d-----w-    c:\program files\microsoft frontpage
2009-07-22 20:11 . 2009-07-22 20:11    --------    d-----w-    c:\program files\2nd Speech Center
2009-07-22 19:55 . 2009-07-22 19:55    --------    d-----w-    c:\documents and settings\Keith\Application Data\Ahead
2009-07-22 19:54 . 2009-07-22 19:54    --------    d-----w-    c:\program files\Nero
2009-07-22 19:35 . 2009-07-22 19:35    --------    d-----w-    c:\program files\Biorhythms
2009-07-22 19:32 . 2009-07-22 18:33    --------    d-----w-    c:\program files\CCleaner
2009-07-22 18:39 . 2009-07-22 18:33    --------    d-----w-    c:\program files\Defraggler
2009-07-22 18:35 . 2009-07-22 18:35    --------    d-----w-    c:\program files\Process Explorer
2009-07-22 18:15 . 2009-07-22 18:15    --------    d-----w-    c:\documents and settings\Keith\Application Data\ATI
2009-07-22 18:15 . 2009-07-22 18:15    0    ----a-w-    c:\windows\ativpsrm.bin
2009-07-22 18:01 . 2009-07-22 18:01    1510252    ----a-w-    c:\program files\Serials 2000 7.2.zip
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000 7.1 Plus
2009-07-22 17:58 . 2009-07-22 17:58    --------    d-----w-    c:\program files\Serials 2000 7.1 Plus New
2009-07-22 17:51 . 2009-07-22 17:51    --------    d-----w-    c:\program files\WinZip Self-Extractor
2009-07-22 16:45 . 2009-07-22 16:45    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-07-14 18:50 . 2009-07-22 19:39    180224    ----a-w-    c:\windows\CD Case Labeller.exe
2009-07-02 17:49 . 2008-07-09 04:45    4125696    ----a-w-    c:\windows\system32\drivers\ati2mtag.sys
2009-07-02 17:24 . 2008-07-09 02:17    335872    ----a-w-    c:\windows\system32\ati2dvag.dll
2009-07-02 17:06 . 2008-07-09 02:07    204800    ----a-w-    c:\windows\system32\atipdlxx.dll
2009-07-02 17:05 . 2008-07-09 02:07    155648    ----a-w-    c:\windows\system32\Oemdspif.dll
2009-07-02 17:05 . 2008-07-09 02:07    26112    ----a-w-    c:\windows\system32\Ati2mdxx.exe
2009-07-02 17:05 . 2008-07-09 02:07    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2009-07-02 17:05 . 2008-07-09 02:07    155648    ----a-w-    c:\windows\system32\ati2evxx.dll
2009-07-02 17:04 . 2008-07-09 02:05    602112    ----a-w-    c:\windows\system32\ati2evxx.exe
2009-07-02 17:02 . 2008-07-09 02:04    53248    ----a-w-    c:\windows\system32\ATIDDC.DLL
2009-07-02 16:56 . 2008-07-09 01:55    3014272    ----a-w-    c:\windows\system32\ati3duag.dll
2009-07-02 16:54 . 2008-07-09 02:02    11698176    ----a-w-    c:\windows\system32\atioglxx.dll
2009-07-02 16:44 . 2008-07-09 01:43    2139904    ----a-w-    c:\windows\system32\ativvaxx.dll
2009-07-02 16:31 . 2009-07-02 16:31    49664    ----a-w-    c:\windows\system32\atimpc32.dll
2009-07-02 16:31 . 2008-07-09 01:30    49664    ----a-w-    c:\windows\system32\amdpcom32.dll
2009-07-02 16:28 . 2008-07-09 01:26    487424    ----a-w-    c:\windows\system32\atikvmag.dll
2009-07-02 16:27 . 2009-07-02 16:27    45056    ----a-w-    c:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26    45056    ----a-w-    c:\windows\system32\aticalcl.dll
2009-07-02 16:26 . 2008-07-09 01:25    151552    ----a-w-    c:\windows\system32\atiadlxx.dll
2009-07-02 16:26 . 2008-07-09 01:25    17408    ----a-w-    c:\windows\system32\atitvo32.dll
2009-07-02 16:25 . 2008-07-09 01:24    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2009-07-02 16:25 . 2009-07-02 16:25    3248128    ----a-w-    c:\windows\system32\aticaldd.dll
2009-07-02 16:24 . 2008-07-09 01:20    376832    ----a-w-    c:\windows\system32\atiok3x2.dll
2009-07-02 16:20 . 2008-07-09 01:18    651264    ----a-w-    c:\windows\system32\ati2cqag.dll
2009-06-29 16:12 . 2004-08-04 12:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00    17408    ----a-w-    c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2007-10-05 18:16 . 2009-07-22 17:58    3068210    ----a-w-    c:\program files\Serials 2000 7.1 Plus New.zip
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-30_21.36.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-31 19:18 . 2009-08-31 19:18    16384              c:\windows\Temp\Perflib_Perfdata_604.dat
+ 2009-08-31 19:18 . 2009-08-31 19:18    16384              c:\windows\Temp\Perflib_Perfdata_20c.dat
- 2004-08-04 12:00 . 2009-08-30 21:14    545860              c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-08-30 21:40    545860              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-08-30 21:14    105534              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-08-30 21:40    105534              c:\windows\system32\perfc009.dat
+ 2009-08-31 19:18 . 2009-08-31 19:18    180224              c:\windows\ERDNT\AutoBackup\31-08-2009\Users\00000002\UsrClass.dat
+ 2009-08-31 19:18 . 2005-10-20 11:02    163328              c:\windows\ERDNT\AutoBackup\31-08-2009\ERDNT.EXE
+ 2009-08-31 19:18 . 2009-08-31 19:18    8503296              c:\windows\ERDNT\AutoBackup\31-08-2009\Users\00000001\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Doom 3\\DOOM3.exe"=
"c:\\Program Files\\Doom 3\\DOOM3DED.exe"=
"c:\\Program Files\\Doom 3\\D3ROE3_C.EXE"=
"c:\\Program Files\\Half Life 2\\hl2.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UnrealFrontend.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UnrealConsole.exe"=
"c:\\Program Files\\Colin McRae Dirt\\DiRT.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18/05/2007 20:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18/05/2007 20:52 55160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/08/2009 07:38 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2009 07:38 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [23/07/2009 14:21 68136]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7EE23F98-E7FD-916D-26CE-1053EC702B03}]
c:\windows\system32\calc32.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 20:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1390067357-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-08-31 20:21 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-31 19:21
ComboFix2.txt  2009-08-30 21:39

Pre-Run: 206,815,465,472 bytes free
Post-Run: 206,863,994,880 bytes free

339    --- E O F ---    2009-08-06 23:18



QUOTE (SpySentinel @ Aug 31 2009, 06:10 PM)
You are right, you are still infected with a rootkit:

Launch Malwarebytes' Anti-Malware


I ran Malwarebytes' and updated the database and only did a quick scan and it found nothing. Now I'm not actually sure what the difference is between a Quick scan and a Full scan? I know the obvious: one scans ALL files and one scans important files. I know a full one takes an hour and a half and a quick scan takes 2:34 minutes.

Thanks for your help again. wink.gif

mbam-log-2009-08-31 (20-50-56).txt
CODE
Malwarebytes' Anti-Malware 1.40
Database version: 2722
Windows 5.1.2600 Service Pack 3

31/08/2009 20:50:56
mbam-log-2009-08-31 (20-50-56).txt

Scan type: Quick Scan
Objects scanned: 99607
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SpySentinel
Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.




Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
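Editor's added example (not HostsXpert, and not code posted by anyone in this thread): the steps above restore the stock hosts file and set it read-only, but they do not show what a hijacked hosts file looks like, or why an MVPS-style file full of 127.0.0.1 lines (recommended later in the thread) is harmless while a search-redirect entry is not. The Python below parses a hosts file, flags entries that pin search-engine or security-vendor names (a constructed watch-list, not a signature) or map any other name to a non-loopback address, and rewrites the file to the Microsoft default read-only, which is what the two HostsXpert clicks do. The sample hosts file is constructed for the demonstration; 203.0.113.0/24 is a documentation range.

```python
"""Audit a Windows HOSTS file for hijacked search/AV entries and restore the
stock Microsoft file read-only.  Added example for this thread; it is not
HostsXpert, MVPS or any other tool mentioned here.  The watch-list and the
sample file below are constructed for the demonstration."""
import ipaddress
import os
import stat
from typing import List, Tuple

# Stock Windows XP hosts content (header comment abbreviated).  The only
# active mapping the default file ships with is localhost.
DEFAULT_MS_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#\n"
    "127.0.0.1       localhost\n"
)

# Names a search-redirect hijacker tends to pin to its own IP (to serve fake
# results) or to 127.0.0.1 (to cut the victim off from vendor sites).
# Constructed watch-list for this example, not an authoritative signature.
WATCHED_SUFFIXES = (
    "google.com", "google.co.uk", "yahoo.com", "bing.com",
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "avast.com", "kaspersky.com",
)

# Addresses an ad-blocking list such as MVPS uses to blackhole a name.
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample imitating a hijacked file (203.0.113.0/24 is TEST-NET-3).
SAMPLE_HIJACKED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.google.com
203.0.113.10    www.google.co.uk
127.0.0.1       www.malwarebytes.org   # victim cannot reach the download
127.0.0.1       ads.example.net        # a legitimate ad-block style entry
"""


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_no) for every active mapping.  Comments
    (everything after '#') and blank lines are skipped; a line may carry
    several names after the address, as the hosts format allows."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue                      # blank, comment-only or malformed
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)      # reject lines that are not mappings
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((ip, host.lower(), no))
    return entries


def is_watched(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hijacks(text: str) -> List[Tuple[int, str, str]]:
    """Flag (line_no, host, reason) for entries that pin a watched domain
    anywhere at all, or that map any other name to a non-loopback address.
    Blackholing an ad server at 127.0.0.1 (the MVPS approach) is left alone."""
    findings = []
    for ip, host, no in parse_hosts(text):
        if is_watched(host):
            findings.append((no, host, f"watched domain mapped to {ip}"))
        elif ip not in LOCAL_ADDRESSES and host != "localhost":
            findings.append((no, host, f"non-loopback mapping to {ip}"))
    return findings


def restore_default(path: str) -> None:
    """Overwrite `path` with the stock file and set it read-only, which is
    what 'Restore MS Hosts File' followed by 'Make Read Only?' does.  On
    Windows the live file is %SystemRoot%\\system32\\drivers\\etc\\hosts and
    writing it needs an administrator account."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)   # clear read-only first
    with open(path, "w", newline="\r\n") as fh:        # Windows line endings
        fh.write(DEFAULT_MS_HOSTS)
    os.chmod(path, stat.S_IREAD)                       # read-only attribute


if __name__ == "__main__":
    for no, host, why in find_hijacks(SAMPLE_HIJACKED_HOSTS):
        print(f"line {no}: {host}: {why}")
```

Run it against a copy of the live file first (`find_hijacks(open(path).read())`) and look at the findings before calling `restore_default`, because a read-only default file also wipes any custom entries you added yourself, exactly as the post's note warns.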
Keithuk
QUOTE (SpySentinel @ Sep 1 2009, 03:54 PM)
Download the HostsXpert 4.3 - Hosts File Manager.

Go to Kaspersky website and perform an online antivirus scan.


Thank you Spy.

Why would I want to install Kaspersky, supposedly one of the worst anti-virus apps on the market? Don't you think my Avast 4.8 is good enough?

Do you know, I've been thinking about this Games.url and I've been looking at the properties of another games site that I have, and it has exactly the same properties as another one. It goes to the exact same page, so why didn't it pick up on that one?
SpySentinel
AVAST is great, so is Kaspersky. I am not having you download it, it's just a scan to see if you are clean or not.

Please run the scan and post the log.
Keithuk
QUOTE (SpySentinel @ Sep 2 2009, 02:50 AM)
AVAST is great, so is Kaspersky. I am not having you download it, it's just a scan to see if you are clean or not.

Please run the scan and post the log.


Well when I clicked on the Kaspersky link it wanted to install Kaspersky? Which I'm not doing.

As I've said, everything with the web searches appears to be working as it should at the moment. I haven't had that Warning popup for a couple of days.

If you want to close this topic then it's alright by me, Sky.

Thanks again for your support, it's much appreciated. wink.gif
SpySentinel
You're welcome.

Your log looks clean, Great Job smile.gif


Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Now for some cleanup..
Please download OTC and save it to Desktop.
  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

  • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  Follow this list and your potential for being infected again will be reduced dramatically.

  Here are some additional utilities that will enhance your safety:

  • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
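Editor's added example (not from the original post, and not code from any tool it names): the six Custom Level clicks in the "Make your Internet Explorer more secure" list land in the registry as DWORD values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable), so they can be audited and applied without walking through the dialog, and re-checked after cleanup to confirm a hijacker has not loosened them again. The Python below checks a regedit export of that key against the recommended states and emits a .reg fragment that applies them. The action IDs are the documented URL-action values for the Zones keys; the export text is constructed for the demonstration. The DPF entry in the ComboFix log above (a downloaded ActiveX .cab) is exactly the kind of download these settings gate.

```python
"""Audit the Internet-zone (zone 3) settings the post asks for against a
regedit export, and emit a .reg fragment that applies them.  Added example;
the action IDs are the documented URL-action values for the
'Internet Settings\\Zones' keys, and the export text below is constructed."""
import re
from typing import Dict, List, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3      # the three states a zone action can hold

# URL-action ID -> (label as shown in IE's Custom Level dialog, wanted state)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")

_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed export in which three of the six actions are looser than wanted;
# the zone-4 section is there to show that other keys are ignored.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"""


def parse_zone3(reg_text: str) -> Dict[str, int]:
    """Collect the DWORD values under the zone-3 key from a regedit export.
    Other keys in the same file (e.g. zone 4, Restricted sites) are ignored."""
    values: Dict[str, int] = {}
    in_zone3 = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_zone3 = line[1:-1].lower() == ZONE3_KEY.lower()
            continue
        if in_zone3:
            m = _DWORD_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit(reg_text: str) -> List[Tuple[str, str, int, int]]:
    """Return (id, label, current, wanted) for every action that is looser
    than recommended.  ENABLE(0) < PROMPT(1) < DISABLE(3), so a smaller value
    is looser; an action absent from the export is reported with current=-1
    rather than assumed safe."""
    values = parse_zone3(reg_text)
    return [(vid, label, values.get(vid, -1), want)
            for vid, (label, want) in RECOMMENDED.items()
            if values.get(vid, -1) < want]


def to_reg(settings: Dict[str, Tuple[str, int]] = RECOMMENDED) -> str:
    """Emit a .reg fragment that applies the wanted states, the same result
    as the Custom Level clicks.  Import it with regedit or `reg import`."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    lines += [f'"{vid}"=dword:{want:08x}' for vid, (_, want) in settings.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for vid, label, cur, want in audit(SAMPLE_EXPORT):
        print(f"{vid} {label}: is {cur}, should be {want}")
    print(to_reg())
```

Export the live key with regedit (File > Export, with the Zones\3 key selected); regedit writes the file as UTF-16, so read it with `open(path, encoding="utf-16").read()` before passing the text to `audit()`. The check only covers the per-user key, which is where the dialog writes on a default XP setup.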
SpySentinel
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help smile.gif

If you're the topic starter, and need this topic reopened, please contact Me or another Moderator with the address of the thread.

Everyone else please begin a New Topic.
Invision Power Board © 2001-2009 Invision Power Services, Inc.