Thread: I Think I have a Rootkit Infection

  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    45

    I Think I have a Rootkit Infection

    After doing some online research - I think I have some kind of rootkit infection as I am constantly being redirected when I click on a Google search result

    Have run ERUNT and backed up registry

    Spyware S&D has found Nothing



    DDS.txt
    --------------------------------------------------------------------------------------


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Murdo & Louise at 21:32:17.24 on 01/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1781 [GMT 0:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\ASTSRV.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Windows\system32\dlbtcoms.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\fxssvc.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Keyboard Express 3\keyexp.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Corel\Standby\Standby.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Murdo & Louise\Desktop\dds.com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Watch for Browser Events: {42a7ce31-cee7-4cce-a060-a44a7e52e062} - c:\progra~1\keyboa~1\kie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101104123601.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [OpAgent] "OpAgent.exe" /agent
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [dlbtmon.exe] "c:\program files\dell photo aio printer 922\dlbtmon.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
    mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
    mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage 17\ereg\Ereg.ini"
    mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-8 64288]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-6-1 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-6-1 164840]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-3 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-20 47640]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-1 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-6-1 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-1 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-1 141792]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-1 55840]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
    R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-7-7 1227352]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-1 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-1 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-6-1 313288]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2010-2-24 562464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-11-9 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
    S3 MAFVX;MAFVX;c:\users\murdo&~1\appdata\local\temp\MAFVX.exe [2011-3-1 478080]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-1 84264]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    =============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2011-03-01 20:46:51 -------- d-----w- c:\program files\Sophos
    2011-02-23 17:58:17 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58:16 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58:15 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19:57 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05:25 -------- d-----w- c:\users\murdo&~1\appdata\local\Sunbelt Software
    2011-02-08 23:04:56 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04:42 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35:05 -------- d-----w- c:\users\murdo&~1\appdata\roaming\Malwarebytes
    2011-02-08 22:34:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34:48 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-08 22:34:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-08 22:34:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-06 11:23:59 89088 ----a-w- c:\windows\MBR.exe
    2011-02-06 11:23:55 98816 ----a-w- c:\windows\sed.exe
    2011-02-06 11:23:55 256512 ----a-w- c:\windows\PEV.exe
    2011-02-06 11:23:55 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2011-02-19 12:22:08 3504 --sha-w- c:\progra~2\KGyGaAvL.sys
    2011-01-29 20:04:07 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-20 17:07:32 98304 --sha-r- c:\windows\system32\ctdvinst4.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 23:41:30 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-09 21:44:42 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47:00 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe

    ============= FINISH: 21:33:51.37 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Like I said when you posted as Mac26, we do not help removing malware when you downloaded and installed illegal software.

    Run this program

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

    To post in your next reply:
    1. Regarding your windows
    2. CKScanner log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Mar 2011
    Posts
    45

    Thanks

    I would really appreciate your help - This all started when I downloaded an exe file for keyboard express to my desktop a couple of months ago - I double clicked on it and the hourglass/circle thing just spun and spun and I thought oh oh and stopped it in task manager and deleted the file but since then I have had this problem.


    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\murdo & louise\desktop\murdo\archive\software\software\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
    c:\users\murdo & louise\desktop\murdo\archive\software\software\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
    c:\users\murdo & louise\desktop\murdo\archive\software\software\adobe photoshop cs5 extended\crack\amtlib.dll
    c:\users\murdo & louise\desktop\murdo\archive\software\software\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt
    c:\users\murdo & louise\desktop\murdo\archive\software\software\sony vegas movie studio hd platinum 10.0.179\keygen\install notes!.txt
    c:\users\murdo & louise\desktop\murdo\archive\software\software\sony vegas movie studio hd platinum 10.0.179\keygen\fix for sound forge 10 (extra included)\install notes!.txt
    c:\users\murdo & louise\desktop\murdo\archive\software\software\sony vegas movie studio hd platinum 10.0.179\keygen\fix for sound forge 10 (extra included)\sound forge 10 bugfix.reg
    c:\users\murdo & louise\desktop\murdo\archive\software\software\sony vegas movie studio hd platinum 10.0.179\keygen\patch (extra included)\install notes!.txt
    c:\users\murdo & louise\desktop\murdo\archive\software\software\sony vegas movie studio hd platinum 10.0.179\keygen\patch (extra included)\patch_vegas.movie.studio.hd.platinum.10.0.exe
    hosts 127.0.0.1 activate.adobe.com
    hosts 127.0.0.1 practivate.adobe.com
    hosts 127.0.0.1 ereg.adobe.com
    hosts 127.0.0.1 activate.wip3.adobe.com
    hosts 127.0.0.1 wip3.adobe.com
    hosts 127.0.0.1 3dns-3.adobe.com
    hosts 127.0.0.1 3dns-2.adobe.com
    hosts 127.0.0.1 adobe-dns.adobe.com
    hosts 127.0.0.1 adobe-dns-2.adobe.com
    hosts 127.0.0.1 adobe-dns-3.adobe.com
    hosts 127.0.0.1 ereg.wip3.adobe.com
    hosts 127.0.0.1 activate-sea.adobe.com
    hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
    hosts 127.0.0.1 activate-sjc0.adobe.com
    scanner sequence 3.ZZ.11
    ----- EOF -----

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    adobe photoshop cs5
    sony vegas movie studio


    Downloading Cracked/Keygens/Warez software programs, besides being illegal, is the fastest way of infecting your computer. Basically you bypassed the product key so this software is considered stolen.

    I can't begin to stress how harmful downloading Cracked/Keygens/Warez programs can be. There are threats going around now that are uncleanable, they do so much damage that a format and reinstall of Windows is the only option.

    The only way I can help you is to have you agree to uninstall both of these programs. You may find their uninstall option in Programs and Features in the Control Panel.


    If you do not agree then no help will be offered, if you do agree then run this program and post both logs


    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  5. #5
    Member
    Join Date
    Mar 2011
    Posts
    45

    OTL.txt Log

    Software uninstalled as per your instruction

    Here is the OTL.txt Log
    ---------------------------------------------------

    OTL logfile created on: 02/03/2011 4:27:37 PM - Run 3
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Murdo & Louise\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 241.15 Gb Total Space | 176.22 Gb Free Space | 73.08% Space Free | Partition Type: NTFS
    Drive D: | 224.51 Gb Total Space | 104.11 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 557.70 Gb Free Space | 59.87% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 312.14 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 312.04 Gb Free Space | 22.33% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Murdo & Louise | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Murdo & Louise\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
    PRC - C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\WSCommCntr2.exe (Autodesk, Inc.)
    PRC - C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
    PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
    PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
    PRC - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
    PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Windows\System32\dlbtcoms.exe ( )
    PRC - C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe (Lexmark International, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Murdo & Louise\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Keyboard Express 3\keyhook.dll (Insight Software Solutions)


    ========== Win32 Services (SafeList) ==========

    SRV - (MAFVX) -- File not found
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
    SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (BlueSoleilCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
    SRV - (BsHelpCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
    SRV - (BsMobileCS) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (dlbt_device) -- C:\Windows\System32\dlbtcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
    DRV - (btkrnl) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (btaudio) -- C:\Windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTWDNDIS) -- C:\Windows\System32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (btwhid) -- C:\Windows\System32\drivers\btwhid.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\Windows\System32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (ha20x22k) -- C:\Windows\System32\drivers\ha20x22k.sys (Creative Technology Ltd)
    DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
    DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
    DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
    DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
    DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
    DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
    DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
    DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
    DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
    DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
    DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
    DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
    DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
    DRV - (SI3112r) -- C:\Windows\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)
    DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (BTNetFilter) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
    DRV - (IntelC52) -- C:\Windows\System32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\Windows\System32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\Windows\System32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\Windows\System32\drivers\mohfilt.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED F6 BE 7A 5D F8 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/06/08 23:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murdo & Louise\AppData\Roaming\Mozilla\Extensions
    [2010/06/08 23:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murdo & Louise\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/05/25 21:30:19 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files\Keyboard Express 3\kie.dll (Insight Software Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101104123601.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
    O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [dlbtmon.exe] C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/02 15:55:12 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Murdo & Louise\Desktop\OTL.exe
    [2011/03/02 13:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/03/02 12:59:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/02 12:16:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/02 10:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/01 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2011/02/23 17:58:16 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011/02/23 17:58:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011/02/09 21:20:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/02/09 21:20:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/02/09 21:20:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/02/09 21:20:51 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/02/09 21:20:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/02/09 21:20:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/02/09 21:20:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/02/09 21:20:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/02/09 21:20:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/02/09 21:20:43 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/02/09 21:20:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/02/09 21:20:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2011/02/09 21:20:37 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011/02/09 21:20:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011/02/09 21:19:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
    [2011/02/09 21:19:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
    [2011/02/09 21:19:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
    [2011/02/09 21:19:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2011/02/09 21:19:52 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/02/09 21:19:52 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/02/09 21:19:49 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011/02/08 23:12:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/02/08 23:12:09 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/08 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Murdo & Louise\AppData\Local\Sunbelt Software
    [2011/02/08 23:04:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/02/08 23:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/02/08 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/02/08 22:35:05 | 000,000,000 | ---D | C] -- C:\Users\Murdo & Louise\AppData\Roaming\Malwarebytes
    [2011/02/08 22:34:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/08 22:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/08 22:34:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/08 22:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/06 11:23:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/06 11:23:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/06 11:23:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/06 11:23:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/07/07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
    [2010/07/07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
    [2010/05/20 21:01:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
    [2010/05/20 21:01:04 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
    [2010/05/20 21:01:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
    [2010/05/20 21:01:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
    [2010/05/20 21:01:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
    [2010/05/20 21:01:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
    [2010/05/20 21:01:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
    [2010/05/20 21:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
    [2010/05/20 21:01:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
    [2010/05/20 21:01:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
    [2010/05/20 21:01:04 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
    [2010/05/20 21:01:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
    [2010/05/20 21:01:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBThcp.dll
    [2010/05/20 21:01:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
    [2010/05/20 21:01:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
    [2010/01/27 01:47:00 | 002,495,080 | ---- | C] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/02 15:55:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Murdo & Louise\Desktop\OTL.exe
    [2011/03/02 13:11:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 13:11:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 13:06:23 | 000,001,097 | ---- | M] () -- C:\Windows\System32\bscs.ini
    [2011/03/02 13:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/02 13:06:09 | 2414,460,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/02 13:05:19 | 000,056,448 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 13:05:19 | 000,056,448 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 13:05:19 | 000,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2011/03/02 10:06:10 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/03/01 21:50:11 | 179,129,969 | ---- | M] () -- C:\Windows\System32\R
    [2011/02/20 10:19:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/02/19 12:22:08 | 000,003,504 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/02/19 12:06:51 | 000,000,181 | ---- | M] () -- C:\Users\Murdo & Louise\AppData\Roaming\default.rss
    [2011/02/19 12:01:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2011/02/09 21:30:16 | 003,874,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/08 23:12:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2011/01/31 22:22:02 | 000,045,941 | ---- | M] () -- C:\Users\Murdo & Louise\Desktop\Boys Kilt Outfit.jpg
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/02 10:06:10 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/01 21:06:31 | 179,129,969 | ---- | C] () -- C:\Windows\System32\R
    [2011/02/06 11:23:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/06 11:23:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/06 11:23:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/06 11:23:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/06 11:23:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/31 22:22:30 | 000,045,941 | ---- | C] () -- C:\Users\Murdo & Louise\Desktop\Boys Kilt Outfit.jpg
    [2011/01/20 17:07:32 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\ctdvinst4.dll
    [2010/12/23 02:48:53 | 000,000,181 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Roaming\default.rss
    [2010/12/23 02:25:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/12/09 21:44:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/09 12:16:03 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/11/09 12:16:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/10/27 23:45:25 | 000,070,646 | ---- | C] () -- C:\Program Files\Uninstall.exe
    [2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/09/28 20:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/08/06 17:10:14 | 002,860,384 | ---- | C] () -- C:\Windows\System32\btwicons.dll
    [2010/07/07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\System32\instwdm.ini
    [2010/07/07 21:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
    [2010/07/07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
    [2010/07/07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
    [2010/07/07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
    [2010/07/07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
    [2010/07/07 20:14:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
    [2010/07/07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
    [2010/06/19 22:16:50 | 000,000,248 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
    [2010/06/19 22:16:10 | 000,000,135 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2010/06/01 23:40:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/05/27 09:12:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
    [2010/05/24 20:55:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/05/22 00:03:38 | 000,000,917 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Roaming\coreavc.ini
    [2010/05/21 19:05:21 | 000,005,982 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2010/05/21 19:05:21 | 000,000,096 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2010/05/21 13:01:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
    [2010/05/21 00:31:57 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/05/21 00:19:32 | 000,018,944 | ---- | C] () -- C:\Users\Murdo & Louise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/21 00:18:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B57D7868DD.sys
    [2010/05/21 00:18:36 | 000,003,504 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/05/20 23:15:17 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/05/20 21:01:04 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
    [2010/05/20 21:01:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBTinst.dll
    [2010/05/20 21:01:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
    [2010/05/20 21:01:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
    [2010/05/20 21:01:04 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
    [2010/05/20 21:01:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
    [2010/05/20 21:01:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
    [2010/05/20 21:01:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
    [2010/05/20 21:01:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\DLBTcfg.dll
    [2010/05/20 21:01:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
    [2010/05/20 21:00:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
    [2010/05/20 21:00:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
    [2010/05/20 21:00:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
    [2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2010/01/21 21:59:14 | 000,009,107 | ---- | C] () -- C:\Program Files\Readme.html
    [2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:33:53 | 003,874,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/01 10:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
    [2009/06/17 09:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/27 16:04:46 | 000,001,097 | ---- | C] () -- C:\Windows\System32\bscs.ini
    [2009/02/27 15:45:16 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
    [2009/02/27 15:44:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
    [2009/02/27 15:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
    [2009/02/27 15:44:10 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
    [2009/02/27 15:41:38 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
    [2009/02/27 15:41:02 | 000,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
    [2009/02/27 15:40:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
    [2008/12/07 11:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2008/10/22 14:30:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
    [2008/03/07 12:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
    [2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599

    < End of report >

  6. #6
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Can't find extras.txt

    Extras.txt didn't open - nor could I find an OTL folder on the C drive

    I'm running OTL again to try and generate an extras log

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    It looks like you ran Combofix on your own. Not a good idea; it's a powerful tool and can damage your system if not run correctly. This forum, myself and sUbs will not be responsible if you run this tool and damage your system.

    C:\ComboFix.txt <-- The log can be found here, post it please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Same Again

    Same thing again - No Extras log ??

  9. #9
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Combofix

    Yeah - I got a little desperate in between Mac26 & Woody55 so read somewhere that combofix might work - not sure if it has though.

    ComboFix 11-03-01.03 - Murdo & Louise 02/03/2011 12:18:20.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3070.1599 [GMT 0:00]
    Running from: c:\users\Murdo & Louise\Desktop\Gentleman.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 12:37 . 2011-03-02 12:37 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-03-02 12:37 . 2011-03-02 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-02 10:06 . 2011-03-02 10:06 71880 ----a-w- c:\windows\system32\PxSecure.dll-10269545
    2011-03-01 20:46 . 2011-03-01 20:46 -------- d-----w- c:\program files\Sophos
    2011-02-28 23:47 . 2011-02-28 23:47 -------- d-----w- c:\program files\ERUNT
    2011-02-23 17:58 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 17:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 17:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-09 21:19 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-02-08 23:12 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-08 23:12 . 2011-02-08 23:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-08 23:05 . 2011-02-08 23:05 -------- d-----w- c:\users\Murdo & Louise\AppData\Local\Sunbelt Software
    2011-02-08 23:04 . 2011-02-13 19:57 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-02-08 23:04 . 2011-02-08 23:12 -------- d-----w- c:\programdata\Lavasoft
    2011-02-08 23:04 . 2011-02-08 23:04 -------- d-----w- c:\program files\Lavasoft
    2011-02-08 22:35 . 2011-02-08 22:35 -------- d-----w- c:\users\Murdo & Louise\AppData\Roaming\Malwarebytes
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-08 22:34 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-08 22:34 . 2011-02-08 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-08 22:34 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 12:22 . 2010-05-21 00:18 3504 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-01-29 20:04 . 2010-10-27 23:45 70646 ----a-w- c:\program files\Uninstall.exe
    2011-01-16 23:12 . 2010-05-26 17:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-16 22:40 . 2010-05-26 17:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-16 21:39 . 2010-06-10 07:04 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-21 23:41 . 2010-06-01 23:40 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-08 13:12 . 2010-05-20 22:00 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 13:11 . 2010-05-20 22:00 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 13:11 . 2010-05-20 22:00 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 13:11 . 2010-05-20 22:00 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-17 210208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Keyboard Express 3.lnk - c:\program files\Keyboard Express 3\keyexp.exe [2010-5-20 3364352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 12:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-09 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 198232]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
    R3 MAFVX;MAFVX;c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D66D.tmp [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
    S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 141792]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 198232]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1353304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 73816]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1227352]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
    S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PXRTS
    *NewlyCreated* - PXSCAN
    *Deregistered* - klmd25
    *Deregistered* - mfeavfk01
    *Deregistered* - uxrdapoc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-21 14:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-OpAgent - OpAgent.exe
    HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
    AddRemove-HijackThis - c:\users\Murdo & Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2A4Z5KV\HijackThis.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\D66D.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1787969973-3853490696-3738150907-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C57201AC-06E7-9A97-4D3E-370FCC5BB250}*]
    "oagljfefmbkbenpecmabdbmehnbdml"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00
    "naampgfnkclfidbjbfddgefnahgh"=hex:69,61,64,69,69,64,6a,6a,6e,6f,62,63,6a,6c,
    66,6a,63,67,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4004)
    c:\program files\Keyboard Express 3\KEYHOOK.DLL
    .
    Completion time: 2011-03-02 13:01:33
    ComboFix-quarantined-files.txt 2011-03-02 13:01

    Pre-Run: 188,731,592,704 bytes free
    Post-Run: 188,625,440,768 bytes free

    - - End Of File - - 3C073A866730C5F8152F08CC4A9B73CD
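
An added triage example, not part of the original post and not ComboFix's or the helper's own method: it parses the service/driver lines of the log above and lists entries that merit a manual look. It assumes `[x]` means the image file was not found, that the leading letter and digit are running/stopped state and Windows start type, and the function names and heuristics are this example's own.

```python
import re
from typing import NamedTuple

# Lines copied from the ComboFix service/driver listing in the post above.
SAMPLE_LOG = r"""
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 MAFVX;MAFVX;c:\users\MURDO&~1\AppData\Local\Temp\MAFVX.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D66D.tmp [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
"""

# <state><start type> <service name>;<display name>;<image path> [<date size> | x]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[xX]|\d{4}-\d{2}-\d{2} \d+)\]$")

class Entry(NamedTuple):
    name: str
    start_type: int   # assumed: 0 = boot, 1 = system, 2 = auto, 3 = manual
    path: str
    file_found: bool  # assumed: False when the log shows [x]

def parse_entries(log_text):
    """Return an Entry for every line that looks like a service/driver record."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], int(m["start"]), m["path"],
                                 m["info"].lower() != "x"))
    return entries

def review_reasons(entry):
    """Heuristics of this example only: reasons to look an entry up by hand."""
    reasons = []
    path = entry.path.lower().replace("\\\\", "\\")
    if not entry.file_found:
        reasons.append("image file not found on disk")
    if "\\temp\\" in path:
        reasons.append("image path is in a Temp directory")
    if path.endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    if entry.start_type == 0 and not entry.file_found:
        reasons.append("boot-start entry with no image")
    return reasons

def triage(log_text):
    """Map service name -> reasons, only for entries with at least one reason."""
    return {e.name: r for e in parse_entries(log_text) if (r := review_reasons(e))}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a prompt to look the entry up, not a verdict: scanners and removal tools also load short-lived drivers from temporary paths and leave service keys behind after uninstall.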

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's do this.


    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe







    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
      
      :Services
      
      :Reg
      
      :Files
      
      
      :Commands
      [purity]
      [emptytemp]
      [RESETHOSTS]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time)




    Still more to fix, but let's get this one out of the way
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

