
Solved Google Redirect Issue

Discussion in 'Malware and Virus Removal Archive' started by Richard M, 2011/06/26.

  1. 2011/06/27
    broni Moderator Malware Analyst

    Looks good :)

    How is computer doing?

    See if TDSSKiller will run now.
     
  2. 2011/06/27
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    TDSS Killer Log

    It's looking good - I've tested Google and it's not redirecting any more - thank you. What do you think the problem was?

    Here is the result of the TDSS Killer - it ran fine this time.

    2011/06/27 23:07:01.0138 4744 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
    2011/06/27 23:07:01.0783 4744 ================================================================================
    2011/06/27 23:07:01.0783 4744 SystemInfo:
    2011/06/27 23:07:01.0783 4744
    2011/06/27 23:07:01.0783 4744 OS Version: 6.0.6002 ServicePack: 2.0
    2011/06/27 23:07:01.0783 4744 Product type: Workstation
    2011/06/27 23:07:01.0783 4744 ComputerName: RICH-PC
    2011/06/27 23:07:01.0784 4744 UserName: Rich
    2011/06/27 23:07:01.0784 4744 Windows directory: C:\Windows
    2011/06/27 23:07:01.0784 4744 System windows directory: C:\Windows
    2011/06/27 23:07:01.0784 4744 Processor architecture: Intel x86
    2011/06/27 23:07:01.0784 4744 Number of processors: 2
    2011/06/27 23:07:01.0784 4744 Page size: 0x1000
    2011/06/27 23:07:01.0784 4744 Boot type: Normal boot
    2011/06/27 23:07:01.0784 4744 ================================================================================
    2011/06/27 23:07:02.0705 4744 Initialize success
    2011/06/27 23:07:04.0707 5840 ================================================================================
    2011/06/27 23:07:04.0707 5840 Scan started
    2011/06/27 23:07:04.0707 5840 Mode: Manual;
    2011/06/27 23:07:04.0707 5840 ================================================================================
    2011/06/27 23:07:19.0087 5840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/06/27 23:07:19.0117 5840 Boot (0x1200) (f3390380eb50c83af9b6b58738d6812c) \Device\Harddisk0\DR0\Partition0
    2011/06/27 23:07:19.0137 5840 Boot (0x1200) (5929da66e25b07a95f000c7c06429c02) \Device\Harddisk0\DR0\Partition1
    2011/06/27 23:07:19.0147 5840 ================================================================================
    2011/06/27 23:07:19.0147 5840 Scan finished
    2011/06/27 23:07:19.0147 5840 ================================================================================
    2011/06/27 23:07:19.0177 4680 Detected object count: 0
    2011/06/27 23:07:19.0177 4680 Actual detected object count: 0
     
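
A parser for the TDSSKiller log format above, added here as an example and not part of the original thread or of TDSSKiller itself: it pulls out the per-driver MD5 entries, the MBR and boot-sector hashes and the detection counters, then reports whether the scan ran to completion and flags any driver image loaded from outside the usual Windows locations. The sample log is constructed from lines in the format above; the example_svc driver in a Temp directory is invented to show the review path, and TRUSTED_ROOTS is an assumption for a typical single-drive install.

```python
"""Parse a TDSSKiller 2.5.x scan log and summarise what the scan actually checked."""
import re
from dataclasses import dataclass, field

# One log line: "<date> <time.nnnn> <thread id> <payload>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.+)$"
)
# Driver entry: "<service name> (<md5 of image>) <image path>".
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Boot record entry: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" or
# "Boot (0x1200) (<md5>) \Device\Harddisk0\DR0\PartitionN".
BOOT_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$"
)
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")

# Assumption: locations a kernel driver is normally loaded from on a single-drive install.
# An image anywhere else deserves a manual look even when the tool reports 0 detections.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass
class BootEntry:
    kind: str      # "MBR" or "Boot"
    size: int      # number of bytes hashed, from the hex field
    md5: str
    device: str


@dataclass
class ScanSummary:
    drivers: list = field(default_factory=list)
    boot_records: list = field(default_factory=list)
    detected: dict = field(default_factory=dict)   # counter label -> value
    started: bool = False
    finished: bool = False


def parse_log(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank, banner or non-log text
        body = m["body"].strip()
        if body == "Scan started":
            s.started = True
        elif body == "Scan finished":
            s.finished = True
        elif (bm := BOOT_RE.match(body)):
            s.boot_records.append(BootEntry(bm["kind"], int(bm["size"], 16), bm["md5"], bm["dev"]))
        elif (dm := DRIVER_RE.match(body)):
            s.drivers.append(DriverEntry(dm["name"], dm["md5"], dm["path"]))
        elif (cm := COUNT_RE.match(body)):
            s.detected[cm["label"]] = int(cm["n"])
    return s


def drivers_outside_trusted_roots(summary: ScanSummary) -> list:
    return [d for d in summary.drivers if not d.path.lower().startswith(TRUSTED_ROOTS)]


def image_aliases(summary: ScanSummary) -> dict:
    """Image paths loaded under more than one service name (Tcpip/Tcpip6 -> tcpip.sys is normal)."""
    by_path = {}
    for d in summary.drivers:
        by_path.setdefault(d.path.lower(), []).append(d.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def verdict(summary: ScanSummary) -> str:
    if not (summary.started and summary.finished):
        return "incomplete: scan did not run to completion"
    if not summary.detected:
        return "incomplete: no detection counters in log"
    hits = sum(summary.detected.values())
    odd = drivers_outside_trusted_roots(summary)
    if hits:
        return f"infected: tool reported {hits} object(s)"
    if odd:
        return f"review: 0 detections but {len(odd)} driver(s) loaded outside trusted roots"
    return f"clean: 0 detections, {len(summary.drivers)} drivers and {len(summary.boot_records)} boot records hashed"


# Constructed sample in the format of the log above; the example_svc line is an invented
# driver loaded from a Temp directory, added to exercise the review path.
SAMPLE_LOG = r"""
2011/06/27 23:07:01.0138 4744 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 23:07:04.0707 5840 ================================================================================
2011/06/27 23:07:04.0707 5840 Scan started
2011/06/27 23:07:04.0707 5840 Mode: Manual;
2011/06/27 23:07:06.0532 5840 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/27 23:07:08.0566 5840 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/06/27 23:07:16.0397 5840 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/27 23:07:16.0437 5840 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/27 23:07:18.0999 5840 example_svc (0123456789abcdef0123456789abcdef) C:\Users\Public\Temp\example_svc.sys
2011/06/27 23:07:19.0087 5840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/27 23:07:19.0117 5840 Boot (0x1200) (f3390380eb50c83af9b6b58738d6812c) \Device\Harddisk0\DR0\Partition0
2011/06/27 23:07:19.0147 5840 Scan finished
2011/06/27 23:07:19.0177 4680 Detected object count: 0
2011/06/27 23:07:19.0177 4680 Actual detected object count: 0
"""
# Same log without the invented driver, i.e. what a clean run looks like.
CLEAN_LOG = "\n".join(l for l in SAMPLE_LOG.splitlines() if "example_svc" not in l)

if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    print(verdict(summary))
    for d in drivers_outside_trusted_roots(summary):
        print(f"  look at: {d.name} -> {d.path}")
```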

  4. 2011/06/27
    broni Moderator Malware Analyst

    Good news :)
    You had a rootkited file.
    Combofix took care of it:
    =====================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
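    Once the two OTL reports come back, the first pass over them is mechanical: every PRC/MOD/SRV/DRV line has the same shape, `[timestamp | size | attributes | M] (company) [start type | status] -- path -- (service name)`, and the properties a helper checks first (an empty company name, an Unknown start type, hidden or system attributes on a running binary, a service or driver living under a user-writable folder, a "File not found" reference) can be picked out by a script. The Python below is an added example written for this thread, not part of OTL or of the instructions above; the sample lines are copied from the log Richard M posts in the next reply, and the flag rules are this example's own triage heuristics, not OTL's.

```python
"""Triage helper for OTL (OldTimer) log entries.

Added example, not part of OTL or this thread. Parses the PRC/MOD/SRV/DRV
"SafeList" lines OTL prints and flags the properties a helper checks first.
The flag rules below are this example's own heuristics, not OTL's.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"           # "()" means no company in version info
    r"(?: \[(?P<state>[^\]]*)\])?"      # SRV/DRV only: [start type | status]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # SRV/DRV only: (service name) + trailing text
)

# Folders a service or driver binary normally has no business living in.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LINES = [
    r"PRC - [2011/06/27 23:52:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe",
    r"SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)",
    r"SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)",
    r"DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)",
    r"NetSvcs: FastUserSwitchingCompatibility - File not found",
]


def parse_entry(line):
    """Return the fields of one OTL entry line as a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,579,072" -> 579072
    return entry


def flag_entry(entry):
    """Return the list of reasons this entry deserves a second look (may be empty)."""
    reasons = []
    if entry["company"].strip() == "":
        reasons.append("no company name")
    if (entry["state"] or "").startswith("Unknown"):
        reasons.append("unknown start type")
    if "H" in entry["attrs"] or "S" in entry["attrs"]:
        reasons.append("hidden/system attribute")
    path = entry["path"]
    if entry["kind"] in ("SRV", "DRV") and any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("service/driver in user-writable location")
    if "\\\\" in path:
        # ImagePath written with a doubled separator: compare with the vendor's
        # own entry before drawing any conclusion.
        reasons.append("odd path spelling")
    return reasons


def triage(lines):
    """Parse every entry line; return (kind, path, reasons) for each flagged one."""
    flagged = []
    for line in lines:
        if "File not found" in line:
            # NetSvcs / hook entries that point at nothing: OTL marks them inline.
            flagged.append(("?", line.strip(), ["file not found"]))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            flagged.append((entry["kind"], entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LINES):
        print(f"{kind:4} {path}\n      -> {', '.join(reasons)}")
```

A flag is a prompt to look, not a verdict: the McAfee entry above is flagged on three counts and is legitimate, which is exactly why the helper cross-checks against the vendor's other entries and the ComboFix log before acting.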
  5. 2011/06/27
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    OTL File

    So out of interest - is a rootkited file the result of some kind of virus?

    Here are the OTL logs:

    OTL logfile created on: 27/06/2011 23:56:42 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Rich\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.54% Memory free
    4.23 Gb Paging File | 3.15 Gb Available in Paging File | 74.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 175.26 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.33 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: RICH-PC | User Name: Rich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/27 23:52:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
    PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/27 23:52:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/06/05 13:08:08 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/04/11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2007/12/04 14:50:56 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/04/04 14:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 18:44:08 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110625235450.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-123076629-2821856737-1922197628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\springtime-in-the-rockies-by-gramag4.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\springtime-in-the-rockies-by-gramag4.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/27 23:52:22 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    [2011/06/27 23:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/06/27 23:06:45 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\tdsskiller
    [2011/06/27 19:16:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/27 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\temp
    [2011/06/27 19:14:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/27 18:55:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/27 18:55:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/27 18:55:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/27 18:54:32 | 004,127,961 | R--- | C] (Swearware) -- C:\Users\Rich\Desktop\ComboFix.exe
    [2011/06/27 18:45:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/27 18:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/27 18:17:19 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{B9F452BD-D8D3-429F-94BB-49588E6C21DE}
    [2011/06/26 09:47:00 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F2DF17A2-2266-45D6-8998-5A1414CF283D}
    [2011/06/25 22:45:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/25 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
    [2011/06/25 22:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/25 22:06:20 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/06/25 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/25 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/25 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{2996F710-4E2C-4DE7-9ACD-AF030261C0B4}
    [2011/06/25 09:06:40 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{6A4251C3-E45F-447B-8F69-413266246AFF}
    [2011/06/24 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{629AA4D1-8202-4F1A-AE3A-C6FA8FCEF3FF}
    [2011/06/23 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\AVG10
    [2011/06/23 19:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/06/23 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/06/23 19:40:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/06/23 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/06/23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{DCAAEA2E-B55F-4EB1-92A3-BDA78077C072}
    [2011/06/22 20:35:51 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{4D256AD5-AC41-4698-8102-4118B48A9BCB}
    [2011/06/21 07:35:06 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{3646D278-B2EB-48D5-BBDB-04106E478BED}
    [2011/06/20 21:34:04 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
    [2011/06/20 18:33:49 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{CC27C027-AF17-4134-8F2A-EFB8AA94FD1B}
    [2011/06/19 21:12:04 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{21D49531-B96A-45DC-9EF7-1D1A5D3CC03C}
    [2011/06/16 19:09:38 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{19825C3C-2A24-4EF0-A5C3-14643B34866B}
    [2011/06/15 19:02:45 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{D081E74E-9764-4434-B39D-8CA80BC0852B}
    [2011/06/13 16:11:49 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{FA903B25-4099-484C-9667-4AE4A68EF5C4}
    [2011/06/12 12:50:35 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{78F706DC-0666-4BBC-9301-76B3166A8DCC}
    [2011/06/12 12:45:34 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{FAF60ECB-9305-4662-9044-5910D081F847}
    [2011/06/12 12:33:22 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{23E63D5F-12F3-44FB-83CF-88867D540D1B}
    [2011/06/11 16:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/06/11 16:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/11 16:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/11 12:56:54 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{4226A22C-B75D-4C09-ACCF-3B05B484ED47}
    [2011/06/09 19:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{6CBF2BF1-C61E-4D9D-A2FE-B4E27AE6864C}
    [2011/06/07 18:43:17 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{26FE209E-3B59-4429-A85B-77CEF9CC4087}
    [2011/06/05 13:07:56 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{F74958AB-5FD6-454C-A73C-34916A4E943F}
    [2011/06/03 19:28:04 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{63D34430-B8EA-47D6-AC52-612A5768C629}
    [2011/05/31 21:21:39 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData\Local\{2492702A-BCCC-47AA-A3CC-EF8FEE231734}

    ========== Files - Modified Within 30 Days ==========

    [2011/06/27 23:52:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
    [2011/06/27 23:12:45 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/06/27 23:12:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/27 23:12:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/27 23:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/27 23:12:19 | 2143,518,720 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/27 23:06:22 | 001,316,026 | ---- | M] () -- C:\Users\Rich\Desktop\tdsskiller.zip
    [2011/06/27 19:23:35 | 000,617,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/27 19:23:35 | 000,111,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/27 18:54:51 | 004,127,961 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\ComboFix.exe
    [2011/06/26 22:19:39 | 000,035,592 | ---- | M] () -- C:\Users\Rich\Desktop\Report - rootkit unhooker
    [2011/06/26 22:17:13 | 000,000,778 | ---- | M] () -- C:\Users\Rich\Desktop\RKUnhookerLE - Shortcut.lnk
    [2011/06/26 12:17:31 | 000,000,512 | ---- | M] () -- C:\Users\Rich\Desktop\MBR.dat
    [2011/06/25 23:40:10 | 000,002,627 | ---- | M] () -- C:\Users\Rich\Desktop\Microsoft Office Word 2007.lnk
    [2011/06/25 22:06:21 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/25 18:41:08 | 000,000,945 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/06/25 18:19:12 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
    [2011/06/25 18:19:12 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
    [2011/06/25 18:18:56 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011/06/23 19:31:41 | 000,051,200 | ---- | M] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/23 19:18:12 | 000,001,356 | ---- | M] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
    [2011/06/20 21:41:50 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~45080312
    [2011/06/11 16:18:35 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    ========== Files Created - No Company Name ==========

    [2011/06/27 18:55:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/27 18:55:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/27 18:55:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/27 18:55:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/27 18:55:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/26 22:38:51 | 001,316,026 | ---- | C] () -- C:\Users\Rich\Desktop\tdsskiller.zip
    [2011/06/26 22:19:39 | 000,035,592 | ---- | C] () -- C:\Users\Rich\Desktop\Report - rootkit unhooker
    [2011/06/26 22:17:13 | 000,000,778 | ---- | C] () -- C:\Users\Rich\Desktop\RKUnhookerLE - Shortcut.lnk
    [2011/06/26 12:17:31 | 000,000,512 | ---- | C] () -- C:\Users\Rich\Desktop\MBR.dat
    [2011/06/25 22:06:21 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/25 18:18:56 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/06/23 19:32:07 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/06/23 19:30:02 | 2143,518,720 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/20 21:34:05 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~45080312
    [2011/06/11 16:18:35 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009/10/20 22:23:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/10/20 22:21:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/13 17:00:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
    [2009/10/13 17:00:58 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/11/16 18:46:59 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/09/01 23:14:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/03/10 20:14:39 | 000,001,356 | ---- | C] () -- C:\Users\Rich\AppData\Local\d3d9caps.dat
    [2007/12/30 21:24:47 | 000,022,328 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\PnkBstrK.sys
    [2007/09/17 22:17:54 | 000,051,200 | ---- | C] () -- C:\Users\Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/13 21:25:56 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/09/13 21:25:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007/09/13 21:25:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
    [2007/09/13 21:25:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2007/09/13 21:25:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/09/13 21:25:54 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 13:47:37 | 000,345,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 11:33:01 | 000,617,088 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 11:33:01 | 000,111,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

    ========== LOP Check ==========

    [2011/06/23 20:08:02 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\AVG10
    [2009/12/06 18:58:49 | 000,000,000 | -H-D | M] -- C:\Users\Rich\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2007/10/09 20:39:30 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2009/03/14 22:42:29 | 000,000,000 | -H-D | M] -- C:\Users\Rich\AppData\Roaming\Nokia
    [2009/03/18 17:45:04 | 000,000,000 | -H-D | M] -- C:\Users\Rich\AppData\Roaming\Nseries
    [2009/03/14 22:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Rich\AppData\Roaming\PC Suite
    [2010/12/02 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\PCDr
    [2008/12/26 16:18:06 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Red Alert 3
    [2011/06/23 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\SpinTop
    [2011/05/08 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Spotify
    [2011/06/27 23:11:23 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/10 14:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/06/27 19:16:21 | 000,014,270 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/09/13 21:26:04 | 000,004,229 | RH-- | M] () -- C:\dell.sdr
    [2011/06/27 23:12:19 | 2143,518,720 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/20 22:50:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/20 22:50:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/06/27 23:12:18 | 2459,385,856 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/27 23:05:50 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_23.05.34_log.txt
    [2011/06/27 23:07:57 | 000,060,556 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_23.07.01_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/23 17:18:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/08/31 14:48:48 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/25 18:41:08 | 000,000,286 | -HS- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/27 18:54:51 | 004,127,961 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\ComboFix.exe
    [2007/10/24 23:11:40 | 004,318,432 | ---- | M] (Crytek) -- C:\Users\Rich\Desktop\Crysis.exe
    [2008/09/18 19:38:35 | 006,981,048 | ---- | M] (Bethesda Softworks) -- C:\Users\Rich\Desktop\FalloutLauncher.exe
    [2011/06/27 23:52:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/10/23 17:41:57 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/10/23 17:41:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/08/31 14:47:25 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/08/31 14:47:25 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/10/23 17:41:27 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/17 23:06:46 | 000,000,402 | -HS- | M] () -- C:\Users\Rich\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/20 21:41:50 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~45080312

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Rich\Documents\My Word documents:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rich\Documents\My Received Files:Roxio EMC Stream
    @Alternate Data Stream - 64 bytes -> C:\Users\Rich\Desktop\Sailing Easter 2011 088.AVI:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Rich\Desktop\Sailing Easter 2011 087.AVI:TOC.WMV
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE

    < End of report >
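The three line shapes worth reading in an OTL report are the file listings (`[date | size | attrs | C/M] (company) -- path`), the Alternate Data Streams section, and the Vista firewall rule dump in the Extras log. The script below is an added example for this thread, not part of Richard M's post and not OTL's own code: it parses those shapes and flags the entries a helper would open first. The sample lines are copied from the logs posted here; the flag rules (hidden or system file in a user-writable directory, a hex-named stream or a stream on an object under ProgramData/AppData/Temp, an inbound allow rule for a program in a Temp directory) are this example's own heuristics, and a flagged line is something to look at, not a verdict.

```python
"""Triage pass over OTL log lines (added example; not OTL code, not from the post).

Parses file-listing lines, Alternate Data Stream lines and Vista firewall rule
lines as OTL prints them and flags the entries a reviewer would open first.
SAMPLE_LINES are copied from the logs in this thread; the flag rules below are
this example's own assumptions, not something OTL or the forum states.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# [2011/06/20 21:41:50 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~45080312
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<mode>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# "{GUID}" = protocol=6 | dir=in | app=c:\...\foo.exe |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')

# Directories a standard user (and so a dropper running as that user) can write
# to.  Assumption of this example, tuned to the paths that occur in the log.
USER_WRITABLE = re.compile(r"\\(programdata|appdata|temp|tmp)\\", re.I)
HEX_NAME = re.compile(r"^[0-9A-F]{6,}$", re.I)  # stream names such as 7D6EC5BE


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def _writable(path: str) -> bool:
    return bool(USER_WRITABLE.search(path))


def check_file(m: re.Match) -> Optional[Finding]:
    """Hidden/system file (not a directory) in a writable dir, other than desktop.ini."""
    attrs, path = m["attrs"], m["path"]
    name = path.rsplit("\\", 1)[-1]
    if "D" in attrs or name.lower() == "desktop.ini":
        return None
    if ("H" in attrs or "S" in attrs) and _writable(path):
        size = int(m["size"].replace(",", ""))  # OTL prints sizes as 000,000,040
        return Finding("hidden-file-in-writable-dir", path,
                       f"attrs={attrs} size={size} company={m['company']!r}")
    return None


def check_ads(m: re.Match) -> Optional[Finding]:
    """Stream with a hex-blob name, or any stream on an object under a writable dir."""
    path, stream = m["target"].rsplit(":", 1)  # the last ':' separates the stream name
    if HEX_NAME.match(stream) or _writable(path + "\\"):
        return Finding("alternate-data-stream", path, f"stream={stream} size={m['size']}")
    return None


def check_rule(m: re.Match) -> Optional[Finding]:
    """Inbound firewall allow rule whose program lives in a writable dir."""
    fields = {}
    for part in m["body"].split("|"):  # body is 'k=v | k=v | ... |'
        part = part.strip()
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k] = v
    app = fields.get("app", "")
    if fields.get("dir") == "in" and _writable(app):
        return Finding("inbound-rule-writable-app", app,
                       f"rule={m['name']} protocol={fields.get('protocol', '?')}")
    return None


def triage(lines: Iterable[str]) -> list[Finding]:
    """Run each line through the checker for its shape; other lines are ignored."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            f = check_file(m)
        elif (m := ADS_RE.match(line)):
            f = check_ads(m)
        elif (m := RULE_RE.match(line)):
            f = check_rule(m)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


# Copied from the OTL and OTL Extras logs posted in this thread.
SAMPLE_LINES = [
    r"[2011/06/20 21:41:50 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~45080312",
    r"[2011/06/25 18:41:08 | 000,000,286 | -HS- | M] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini",
    r"[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr",
    r"[2011/06/27 18:54:51 | 004,127,961 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\ComboFix.exe",
    r"@Alternate Data Stream - 76 bytes -> C:\Users\Rich\Documents\My Word documents:Roxio EMC Stream",
    r"@Alternate Data Stream - 64 bytes -> C:\Users\Rich\Desktop\Sailing Easter 2011 088.AVI:TOC.WMV",
    r"@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE",
    r'"{4BD15CEB-C94A-4093-A1B9-3473900F11EA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |',
    r'"TCP Query User{C441BF6E-19B7-4E17-A088-3984BF91431F}C:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe |',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:28} {f.path}  [{f.detail}]")
```

Run against the sample lines it reports three entries: the 40-byte hidden `C:\ProgramData\~45080312`, the `7D6EC5BE` stream on `C:\ProgramData\TEMP`, and the inbound rule for a patcher run from `AppData\Local\Temp`; `bootmgr`, `desktop.ini`, the Roxio and `TOC.WMV` streams and the svchost rule are left alone. On the machine itself the stream entry can be confirmed with `dir /r C:\ProgramData` in a cmd prompt (Vista and later list alternate streams with `/r`), and a 40-byte hidden file is small enough to open in Notepad before deciding whether it matters. Since ComboFix and TDSSKiller had already run at this point in the thread, the value of such a pass is deciding which leftovers to ask the helper about, not cleaning anything.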
     
  6. 2011/06/27
    Richard M (Inactive Thread Starter)
    OTL Extras logfile created on: 27/06/2011 23:56:42 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Rich\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.54% Memory free
    4.23 Gb Paging File | 3.15 Gb Available in Paging File | 74.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 175.26 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.33 Gb Free Space | 63.28% Space Free | Partition Type: NTFS

    Computer Name: RICH-PC | User Name: Rich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1DAEADFA-C0D9-418E-8606-A2AC6DA3E842}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1DC6893B-26A8-46B9-B8FE-E9969B0EDBB5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4BD15CEB-C94A-4093-A1B9-3473900F11EA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{714740CF-EE78-4651-B59F-FC4BE891E62E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7824110B-8A0D-42DD-817E-0C4D0779BA15}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{972F3E4B-3291-44AD-BBBF-F6618F4DCD50}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{9AE41593-693B-4EFF-92B5-37F895163A57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A33A369E-19AC-4669-A2A5-BBDC453EA5AF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A4CF67BD-8144-4DCB-8A1F-43781E45B979}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AC5C32BD-2287-44BF-84B5-6F73F33CC956}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{C952B0F7-6408-4DB2-9430-9943F44F4551}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{D4BC7948-2A0F-451E-94F8-906B01EB83D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{059C308E-D3D1-4B37-BE65-2706E20B6794}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0616495F-5D3A-4F42-B730-1C4908664622}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{092B5121-3823-4D33-B56E-0DC6222DB21C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{164B0E2D-7B2A-4C76-BB4D-7F30A8036D9E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{171CC5F0-F4C7-4EC8-86E1-131FFF945CAB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{1B4900DE-BA20-4258-AF40-33F51DF8416A}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{1F6BC442-5F1F-40BE-9149-A40E9F43AE09}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{22C41DC2-5F4E-44E0-A3CB-C9AC0FBEA98F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{234D8AB7-8953-4D9C-98FD-79B584DC61DD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{238BEE13-2BF1-49F8-9AB6-4E62C21C117F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{2DCE08A5-F0F3-4C9C-8FC6-7D150699EA2A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{342D780E-7A59-4AA1-A5B1-78FE1C846889}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{3A95E66E-2B6D-45B8-A4DE-98B4579A4FB1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{45394588-229F-487F-ABA1-7270A6DFDA2C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
    "{47D3A628-7567-459A-9837-9CCB328B3196}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4BBAE6BA-84C6-4DE6-8DEE-42ED6B53E81C}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{4E12B937-3B88-433C-A237-A90B110064A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{51FAE285-7D71-488B-A621-9A9272960B74}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{584E908D-86B1-49C7-BB60-26391B954619}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.8\cnc3game.dat |
    "{5A41D481-A93A-4F5D-8148-2443455AF69B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{6BDDB130-07FA-498D-81B0-B2F6CFC2E84E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
    "{77CE3C26-A7FD-4DF2-9FD3-050DB787D367}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{77D139C6-D425-4404-B875-2AF8417B2529}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{79CD4932-5241-4D6C-8197-0E21657F3708}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{807138CE-3B99-4BFC-BB58-7E8FE28D72F8}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{8A96F3A6-659F-469C-AC34-4B8A6F02D53B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
    "{9005DDF3-E6C4-41B3-A929-D16FCB6F1BA8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{9F1782AE-76DD-4B9B-9F72-5C70CC0F6DF7}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{A2A48B7B-6FE5-4C11-9D5C-61D6A30F9848}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{A9002066-A663-4957-9C4B-9D905C5AFFB9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{A9BDE591-DB17-4C7C-A495-1AED5E7D9D0F}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{AF9EADDE-7A67-4684-ACAC-94C764AB46B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BB5A9C1F-6176-42E2-9ED6-049F12352729}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
    "{DAB48168-39CB-4986-9776-A07AC87FC63B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{DC645EA4-DEBB-4CC7-AF2F-7D1B5F4ECEB5}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{E1344291-64F0-4BAB-BE87-881B4C8B2E2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E42C8BF7-D9A3-40B3-AD95-093B4624FDD3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F0BF3B58-FF0E-4127-A765-177DD0CB782E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{FE7B48D8-0520-4656-AB41-2C8CFA6AF1C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "TCP Query User{101CB18A-365C-40A1-A574-8620FBEA30F1}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
    "TCP Query User{2903FCE6-70B5-4B6E-ABB6-6560D13BD875}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "TCP Query User{525D69BB-FF84-44AA-8204-CF5F3DFAD536}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{B86E2965-08D3-4E82-89B1-388B797E63F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{C441BF6E-19B7-4E17-A088-3984BF91431F}C:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe |
    "TCP Query User{C4F6F7AB-5269-4045-A972-F618A4AC1594}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{CD7428AA-5309-4B42-83B9-CA1D678EBD1E}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
    "TCP Query User{DEB2E471-58D0-4365-8480-2B3560994789}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
    "TCP Query User{EDF9B6F1-444D-4285-B507-F81BFA224071}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{F35AAE93-3960-4C1E-B94E-489C5E0F5446}C:\program files\electronic arts\red alert 3\data\ra3_1.6.game" = protocol=6 | dir=in | app=c:\program files\electronic arts\red alert 3\data\ra3_1.6.game |
    "TCP Query User{F3AEEBF3-CE4E-4432-BDAA-F6A8ECE94EAF}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{1E198C9E-3E3A-4EB2-A1FD-9DD6DFC9D085}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{3692C147-6A9B-4456-81A0-B4E84AC76212}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{3D9D761D-612C-44E6-96A2-7BB0BFFABAB8}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{3FD2878C-E22A-48DC-991D-E932DB42A77D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{40AC86CF-425F-41A4-8DCD-A8C0F96FCA9E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{41630E2B-3F25-4F01-91F5-25175EDD0AA3}C:\program files\electronic arts\red alert 3\data\ra3_1.6.game" = protocol=17 | dir=in | app=c:\program files\electronic arts\red alert 3\data\ra3_1.6.game |
    "UDP Query User{58FA45BF-865A-4D86-B532-DB1981F77FE1}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
    "UDP Query User{69531F75-9913-49AB-81F6-04D607A8FD93}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
    "UDP Query User{6D05FBD0-6B88-4E4E-9906-7680F1726D8E}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
    "UDP Query User{CB2C0F64-8CCB-471B-BE59-8D04F5CF7683}C:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\rich\appdata\local\temp\electronicarts_patcher_000.exe |
    "UDP Query User{EE0CDC01-E27F-482A-A8A3-0668A7CB1533}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
    "{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
    "{23210453-8608-4FF2-B84B-B90453618781}" = Police Quest Collection(TM)
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
    "{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
    "{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
    "{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
    "{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
    "{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
    "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
    "{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
    "{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
    "{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
    "{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "CSI-3 Dimensions of Murder" = CSI-3 Dimensions of Murder 1.0
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Hospital" = Theme Hospital
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSC" = McAfee SecurityCenter
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
    "Spotify" = Spotify
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 22/03/2009 14:43:51 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program sidebar.exe version 6.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: e8c Start Time: 01c9ab1b4a3ced10 Termination Time: 0

    Error - 25/03/2009 06:42:24 | Computer Name = Rich-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 28/03/2009 10:18:52 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: c7c Start Time: 01c9afa586c1ff1e Termination Time: 15

    Error - 28/03/2009 14:04:36 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program sidebar.exe version 6.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1050 Start Time: 01c9afa4f27e8d5e Termination Time: 0

    Error - 28/03/2009 17:38:04 | Computer Name = Rich-PC | Source = Application Error | ID = 1000
    Description = Faulting application MsiExec.exe, version 4.0.6001.18000, time stamp
    0x47918d31, faulting module MSIFE08.tmp, version 14.0.0.168, time stamp 0x471383db,
    exception code 0xc0000005, fault offset 0x0009371f, process id 0x870, application
    start time 0x01c9afed6ffc7dd0.

    Error - 28/03/2009 17:40:44 | Computer Name = Rich-PC | Source = Application Error | ID = 1000
    Description = Faulting application MsiExec.exe, version 4.0.6001.18000, time stamp
    0x47918d31, faulting module MSI64AF.tmp, version 14.0.0.168, time stamp 0x471383db,
    exception code 0xc0000005, fault offset 0x0009371f, process id 0x15d0, application
    start time 0x01c9afedd09651c0.

    Error - 28/03/2009 18:49:24 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 63c Start Time: 01c9aff713493ec0 Termination Time: 0

    Error - 29/03/2009 11:57:19 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program msnmsgr.exe version 8.5.1302.1018 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: d1c Start Time: 01c9b086c26f2a10 Termination Time: 16

    Error - 30/03/2009 07:57:26 | Computer Name = Rich-PC | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.11.704.230, time stamp
    0x462cf946, faulting module KService.exe, version 5.11.704.230, time stamp 0x462cf946,
    exception code 0xc0000005, fault offset 0x00211e5a, process id 0x7f0, application
    start time 0x01c9b12ea07a7ce2.

    Error - 30/03/2009 14:46:19 | Computer Name = Rich-PC | Source = Application Hang | ID = 1002
    Description = The program sidebar.exe version 6.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: fb4 Start Time: 01c9b1302a3dec92 Termination Time: 32

    [ System Events ]
    Error - 27/06/2011 14:21:32 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 27/06/2011 14:21:32 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 27/06/2011 17:26:12 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 27/06/2011 17:26:12 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 27/06/2011 18:14:53 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 27/06/2011 18:14:53 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 27/06/2011 18:47:51 | Computer Name = Rich-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 27/06/2011 18:47:54 | Computer Name = Rich-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 27/06/2011 19:07:01 | Computer Name = Rich-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 27/06/2011 19:07:04 | Computer Name = Rich-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.


    < End of report >
     
  7. 2011/06/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In simple terms, yes, but it implements itself at a deeper (root) level, and thus is harder to detect and remove.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (Reg Error: Key error.)
      [2011/06/23 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\AVG10
      [2011/06/23 19:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2011/06/23 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2011/06/20 21:41:50 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~45080312
      @Alternate Data Stream - 76 bytes -> C:\Users\Rich\Documents\My Word documents:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Rich\Documents\My Received Files:Roxio EMC Stream
      @Alternate Data Stream - 64 bytes -> C:\Users\Rich\Desktop\Sailing Easter 2011 088.AVI:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Rich\Desktop\Sailing Easter 2011 087.AVI:TOC.WMV
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  8. 2011/06/28
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    OTL log

    Hi Broni,

    My computer is still running better; it seems quicker as well, especially when I restart. I have been getting this Windows message when I start up my computer though:

    "Catalyst Control Centre: Host Application has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

    Is this something I should worry about!? I'm not even sure what the catalyst control centre is!


    I ran the OTL, here is the log: (other logs to follow)

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx not found.
    Starting removal of ActiveX control {CC450D71-CC90-424C-8638-1F2DBAC87A54}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\ not found.
    Folder C:\Users\Rich\AppData\Roaming\AVG10\ not found.
    Folder C:\ProgramData\AVG10\ not found.
    Folder C:\Program Files\AVG\ not found.
    File C:\ProgramData\~45080312 not found.
    Unable to delete ADS C:\Users\Rich\Documents\My Word documents:Roxio EMC Stream .
    Unable to delete ADS C:\Users\Rich\Documents\My Received Files:Roxio EMC Stream .
    Unable to delete ADS C:\Users\Rich\Desktop\Sailing Easter 2011 088.AVI:TOC.WMV .
    Unable to delete ADS C:\Users\Rich\Desktop\Sailing Easter 2011 087.AVI:TOC.WMV .
    Unable to delete ADS C:\ProgramData\TEMP:7D6EC5BE .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rich
    ->Temp folder emptied: 60164 bytes
    ->Temporary Internet Files folder emptied: 20000928 bytes
    ->Java cache emptied: 13943827 bytes
    ->Apple Safari cache emptied: 14336 bytes
    ->Flash cache emptied: 2939768 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1254 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2753213 bytes

    Total Files Cleaned = 38.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rich
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.1 log created on 06282011_204853

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
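    An OTL fix log like the one above is mostly "not found" lines, which is what you expect when the scan entries were stale (the AVG folders had already been removed, and the URLSearchHook and BHO entries were dangling "Reg Error: Key error" references); the lines that matter are the few that failed, here the ADS deletions. This added example (not OTL's code, and not from this thread) parses that log format and separates removed, already-gone and failed items; the sample log is constructed from the shape of the posted one, and the two "deleted successfully" line shapes are assumptions, since the posted log had nothing left to delete.

```python
"""Summarise an OTL fix log of the kind posted in this thread (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, shortened from the shape of the OTL fix log in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Folder C:\Program Files\AVG\ not found.
File C:\ProgramData\~45080312 not found.
Unable to delete ADS C:\Users\Rich\Documents\My Word documents:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\TEMP:7D6EC5BE .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Rich
->Temp folder emptied: 60164 bytes

Total Files Cleaned = 38.00 mb

Files\Folders moved on Reboot...
C:\Users\Rich\AppData\Local\Temp\~DF2349.tmp moved successfully.
File\Folder C:\Users\Rich\AppData\Local\Temp\~DFE14B.tmp not found!

Registry entries deleted on Reboot...
"""


@dataclass(frozen=True)
class FixResult:
    section: str   # OTL, REGISTRY, FILES, REBOOT, ...
    kind: str      # registry, activex, folder, file, ads
    target: str    # registry path, file path, or "path:stream" for an ADS
    outcome: str   # removed, not_found, failed, info


# Line shapes seen in the posted log, plus two "deleted successfully" shapes
# (assumed: the posted log had nothing left to delete, so they do not appear there).
_PATTERNS = (
    (re.compile(r"^Registry (?:key|value) (?P<t>.+?) not found\.$"), "registry", "not_found"),
    (re.compile(r"^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$"), "registry", "removed"),
    (re.compile(r"^Starting removal of ActiveX control (?P<t>\{[0-9A-Fa-f-]+\})$"), "activex", "info"),
    (re.compile(r"^Folder (?P<t>.+?) not found\.$"), "folder", "not_found"),
    (re.compile(r"^File (?P<t>.+?) not found\.$"), "file", "not_found"),
    (re.compile(r"^File\\Folder (?P<t>.+?) not found!$"), "file", "not_found"),
    (re.compile(r"^(?P<t>.+?) moved successfully\.$"), "file", "removed"),
    (re.compile(r"^Unable to delete ADS (?P<t>.+?) \.$"), "ads", "failed"),
    (re.compile(r"^ADS (?P<t>.+?) deleted successfully\.$"), "ads", "removed"),
)
_SECTION = re.compile(r"^=+ (?P<name>[A-Z/ ]+) =+$")


def parse_fix_log(text: str) -> list[FixResult]:
    """Return one FixResult per recognised result line; cleanup statistics are skipped."""
    results: list[FixResult] = []
    section = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the log
        header = _SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if line.startswith("Files\\Folders moved on Reboot"):
            section = "REBOOT"
            continue
        for pattern, kind, outcome in _PATTERNS:
            m = pattern.match(line)
            if m:
                results.append(FixResult(section, kind, m.group("t"), outcome))
                break
    return results


def summarize(results: list[FixResult]) -> Counter:
    """Count (kind, outcome) pairs, e.g. ('registry', 'not_found') -> 4."""
    return Counter((r.kind, r.outcome) for r in results)


def needs_follow_up(results: list[FixResult]) -> list[FixResult]:
    """Entries the fix did not remove; in this thread these were all ADS deletions."""
    return [r for r in results if r.outcome == "failed"]


def split_ads(target: str) -> tuple[str, str]:
    """Split 'path:stream' on the last colon (the drive letter also has one)."""
    path, _, stream = target.rpartition(":")
    return path, stream


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(parsed).items()):
        print(f"{kind:9s} {outcome:10s} {n}")
    for r in needs_follow_up(parsed):
        print("follow up:", split_ads(r.target))
```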
     
  9. 2011/06/28
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    Security Check Log

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) SE Runtime Environment 6
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 7.0.8
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  10. 2011/06/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's a program which comes with your video card driver; however, it's not needed for the video card to work properly.
    Go to Start and in "Start search" type in:
    msconfig
    Press Enter.

    Click on the "Startup" tab and UN-check "Catalyst Control Centre".
    After restarting computer, the error message shouldn't be bothering you anymore.

    ====================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset....
     
  11. 2011/06/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Will return on Tuesday....
     
  12. 2011/07/04
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    Hi Broni,

    I have updated my Java and Adobe Reader and removed the old versions. I have also run ESET and it didn't find any threats. My computer seems to be working well :)!
     
  13. 2011/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during the cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  14. 2011/07/04
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    Great - Good news!

    1) OTL Log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rich
    ->Temp folder emptied: 196906 bytes
    ->Temporary Internet Files folder emptied: 25281410 bytes
    ->Java cache emptied: 1853 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 965 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8799056 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 33.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rich
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.24.1 log created on 07042011_201721

    Files\Folders moved on Reboot...
    C:\Users\Rich\AppData\Local\Temp\~DF2349.tmp moved successfully.
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFE14B.tmp not found!
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFE15A.tmp not found!
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFE889.tmp not found!
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFE89B.tmp not found!
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFF489.tmp not found!
    File\Folder C:\Users\Rich\AppData\Local\Temp\~DFF4BF.tmp not found!
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8QBGVWQ\ads[11].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCDHQZP\99472-active-google-redirect-issue-3[1].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCDHQZP\adsCAB3MQUP.htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCDHQZP\drts[1].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCDHQZP\L[5].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RCDHQZP\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OHDQ2FA\375ac79d-6eee-4e89-92c7-baaae7241484BBS_Leaderboard.[1].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OHDQ2FA\p-01-0VIaSjnOLg[9].gif moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X9IU2HL\iframescript[4].htm moved successfully.
    C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X9IU2HL\p-01-0VIaSjnOLg[2].gif moved successfully.

    Registry entries deleted on Reboot...
     
  15. 2011/07/04
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    Regarding point 2, I ran the OTL clean up and still have a few programmes on my desktop (TFC, security checker, RK unhooker etc). What is the best way to delete these? Can I just right click each one and click 'delete'?
     
  16. 2011/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, except for TFC. You want to keep it and run it weekly.

    Any other issues?
     
  17. 2011/07/04
    Richard M

    Richard M Inactive Thread Starter

    Joined:
    2011/06/25
    Messages:
    24
    Likes Received:
    0
    No other issues I don't think - everything else I should be ok with!

    Oh, maybe just one last question - how do I run defrag? I know my McAfee protection has a defrag option - is this the best method?

    As for my computer - no more google re-direct or strange error messages, running quicker it seems - all systems go! Thanks so much for all your help.
     
  18. 2011/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Wonderful.

    I need to edit my canned. You don't need to run defrag in Vista as it's running in the background by default.

    Good luck and stay safe :)
     
