Ads appearing in internet browser

Cypher · Mar 6, 2010

Hi Robincognito.
I can see why you wouldn't want that information on an open forum.
Please keep that log don't delete it, i will see if i can get the information i need from a different scanner, if not i will find another way for you to get it to me.

Lets try this.

RootRepeal - Rootkit Detector

Download RootRepeal from the following location and save it to your desktop.
Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT
Click the OK button
Check the box for your main system drive (Usually C:, and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
Post the RootRepeal.txt log in your next reply.

Robincognito · Mar 6, 2010

Forgot to mention before: YouTube is no longer displaying properly in Firefox. The page is formatted completely wrong and there is only text and video thumbnails on the page. Other browsers display YouTube normally. Do you have any idea why this is? I believe it happened after I cleared all that Firefox data with ATF-Cleaner, but I'm not certain.

Robincognito · Mar 6, 2010

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/06 20:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4D9E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5FE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP6130
Image Path: \Driver\PCI_PNP6130
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3E24000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spam.sys
Image Path: spam.sys
Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9D0F000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\1b198ed6-38cf-43ee-88d5-0fb301dbaffe
Status: Size mismatch (API: 2006648, Raw: 1049372)

Path: c:\$avg\$chjw\91dcd54b-fa2c-4b7c-ac86-65747558ada1
Status: Size mismatch (API: 531956, Raw: 280796)

Path: c:\program files\logitech\desktop messenger\8876480\users\Owner\data\d0000000.fcs
Status: Allocation size mismatch (API: 512, Raw: 0)

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\Owner\SharingMetadata\Email\DFSR\Staging\CS{067FB6CB-2D7D-A283-5588-1C2D87C46FB7}\13\13-{3CBFA6EB-A322-4C05-B34C-D671FBEB147B}-v13-{3CBFA6EB-A322-4C05-B34C-D671FBEB147B}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\Owner\SharingMetadata\Email\DFSR\Staging\CS{9E068238-8FE3-78AF-85E3-72249B8F2E6B}\17\17-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v17-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\Owner\SharingMetadata\Email\DFSR\Staging\CS{9E068238-8FE3-78AF-85E3-72249B8F2E6B}\18\18-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v18-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\Owner\SharingMetadata\Email\DFSR\Staging\CS{9E068238-8FE3-78AF-85E3-72249B8F2E6B}\19\19-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v19-{D62191E3-50F7-4049-B208-7EDB851B2DCF}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{47676FE0-3AE5-7FDE-E90C-A786B3ACDECC}\12\24-{57~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{5117F27D-EE41-BB79-750C-E6070AF38EC0}\12\12-{394C9F01-3864-4244-B55F-A403A2343640}-v12-{394C9F01-3864-4244-B55F-A403A2343640}-v12-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{52664A42-7068-F9F3-6F47-4FEE0D948A2A}\23\342-{955EACC8-C5DA-4F98-8B9C-E6DE7BCBC251}-v23-{955EACC8-C5DA-4F98-8B9C-E6DE7BCBC251}-v342-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{52664A42-7068-F9F3-6F47-4FEE0D948A2A}\39\340-{955EACC8-C5DA-4F98-8B9C-E6DE7BCBC251}-v39-{955EACC8-C5DA-4F98-8B9C-E6DE7BCBC251}-v340-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\22\243-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v222-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v243-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\53\253-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v253-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v253-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\11\232-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v211-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v232-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\12\233-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v212-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v233-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\14\235-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v214-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v235-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\15\236-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v215-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v236-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\16\237-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v216-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\17\238-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v217-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v238-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\18\239-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v218-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\19\240-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v219-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\20\241-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v220-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\21\242-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v221-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v242-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\54\254-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v254-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v254-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\55\255-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v255-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v255-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\56\256-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v256-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v256-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\57\257-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v257-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v257-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\59\259-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v259-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v259-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\60\260-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v260-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v260-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\61\161-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v161-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v161-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\61\261-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v261-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v261-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\62\162-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v162-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v162-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\62\262-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v262-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v262-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\63\163-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v163-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v163-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\63\263-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v263-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v263-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\64\164-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v164-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v164-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\64\264-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v264-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v264-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\65\165-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v165-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v165-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\65\265-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v265-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v265-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\66\166-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v166-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v166-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\66\266-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v266-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v266-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\67\167-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v167-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v167-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\67\267-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v267-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v267-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\68\168-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v168-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v168-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\68\268-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v268-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v268-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\69\169-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v169-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v169-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\69\269-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v269-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v269-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\70\170-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v170-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v170-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\70\270-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v270-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v270-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\71\171-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v171-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v171-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\71\271-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v271-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v271-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\72\172-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v172-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v172-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\72\272-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v272-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v272-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\73\173-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v173-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v173-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\73\273-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v273-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v273-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\74\174-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v174-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v174-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\75\175-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v175-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v175-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\76\176-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v176-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v176-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\77\177-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v177-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v177-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\78\178-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v178-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v178-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\79\179-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v179-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v179-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\80\180-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v180-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v180-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\81\181-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v181-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v181-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\82\182-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v182-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v182-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\83\183-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v183-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v183-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\84\184-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v184-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v184-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\Staging\CS{B9DEB159-4451-EDD0-A751-C04E4AA96320}\85\185-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v185-{577E090B-E1DD-4FBB-B251-6B9DCFFDD84D}-v185-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\email\SharingMetadata\Email\DFSR\StagSSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c1fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50bec80

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d9170

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c2580

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d6900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d6b10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50dab10

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c2670

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50bf210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d99f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d97a0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d6280

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spam.sys" at address 0xb9ecdda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spam.sys" at address 0xb9ece132

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d9f10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d9f90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50bf070

#: 119 Function Name: NtOpenKey
Status: Hooked by "spam.sys" at address 0xb9eb50c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d8180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d7f40

#: 160 Function Name: NtQueryKey
Status: Hooked by "spam.sys" at address 0xb9ece20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spam.sys" at address 0xb9ece08a

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50da6f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50da150

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c1be0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50da540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c2190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50bf440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d94e0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d7200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50d7080

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8aece1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a04c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8acc11f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_CREATE]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_CLOSE]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_POWER]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: annlhnlcЅఅ坓慤ᕰᠸ괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_PNP]
Process: System Address: 0x8abba1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8ac8b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8acfc1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8ae601f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a76e500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8ace51f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a1e71f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_CREATE]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_CLOSE]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_READ]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_CLEANUP]
Process: System Address: 0x89f841f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ浗灩NdisMofResou, IRP_MJ_PNP]
Process: System Address: 0x89f841f8 Size: 121

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c0e70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c0f20

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c0fe0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50bfd60

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb50c1250

==EOF==

Robincognito · Mar 6, 2010

YouTube seems to work fine now. Must have been an unrelated problem.

I do notice now, however, that the last log I posted contains some email addresses. Could you blank them out, please. Maybe I'm just being paranoid but I don't think I should display my friends' email publicly.

Cypher · Mar 7, 2010

Hi Robincognito.
I will get those email addresses removed as soon as possible.
Ok lets try this please continue with the instructions below.

Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
- System registry.
- Current user registry.
Next click on "OK"... at the prompt... reply "Yes".
After a short duration the Registry backup is complete! pop-up message will appear.
Now click on "OK". A registry backup has now been created.

Next.

Disable AVG9

Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes.
Note: Don't forget to re-enable it after the fix.

Next

Download and Run ComboFix

Please download ComboFix from one of the following links.

Link 1.

Link 2.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**
Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
Double click on ComboFix.exe & follow the prompts
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Logs/Information to Post in your Next Reply

ComboFix.txt log.
Please give me an update on your computers performance.

Robincognito · Mar 7, 2010

For some reason, Combofix thought I had no internet connection and as a result didn't install Microsoft Windows Recovery Console. The scan went ahead anyway and here is the log.

ComboFix 10-03-07.02 - Robin Scott 07/03/2010 21:35:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1482 [GMT 0:00]
Running from: c:\documents and settings\Robin Scott\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
c:\documents and settings\Robin Scott\Application Data\inst.exe
c:\documents and settings\Robin Scott\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Helper
c:\windows\EventSystem.log
c:\windows\system32\Data

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Malwarebytes
2010-03-06 14:55 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 14:55 . 2010-03-06 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 14:55 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 21:13 . 2010-03-05 21:13 -------- d-----w- C:\_OTM
2010-03-05 18:57 . 2010-03-05 18:57 -------- d-----w- C:\rsit
2010-03-04 17:23 . 2010-03-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-26 09:08 . 2010-02-26 09:08 -------- d-----w- c:\program files\ERUNT
2010-02-25 13:49 . 2010-02-25 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 13:49 . 2010-02-25 13:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 13:12 . 2010-02-24 21:18 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-25 13:12 . 2010-02-24 21:18 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 10:45 . 2010-02-25 10:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-25 10:42 . 2010-02-25 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-24 21:19 . 2010-02-24 22:16 -------- d-----w- C:\$AVG
2010-02-24 21:19 . 2010-02-24 21:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-24 21:19 . 2010-02-24 21:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-24 21:19 . 2010-02-24 21:19 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 21:19 . 2010-02-24 21:19 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-24 21:19 . 2010-03-07 08:53 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-24 21:18 . 2010-02-24 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-24 20:38 . 2010-02-24 20:38 -------- d-----w- c:\program files\Fraps
2010-02-23 13:34 . 2010-02-23 13:34 -------- d-----w- c:\program files\BestGameEver
2010-02-23 13:09 . 2010-02-23 13:09 -------- d-----w- c:\program files\MagicDisc
2010-02-23 13:09 . 2009-02-24 18:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-15 18:41 . 2010-02-15 18:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-14 22:03 . 2010-02-14 22:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-14 22:02 . 2010-02-14 22:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-14 22:02 . 2010-02-14 22:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-02-14 21:57 . 2010-02-14 21:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-14 21:18 . 2010-02-14 21:18 -------- d-----w- c:\documents and settings\Robin Scott\Local Settings\Application Data\Microsoft Help
2010-02-14 21:17 . 2010-03-04 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-11 23:55 . 2010-02-11 23:55 348160 ----a-w- c:\documents and settings\Robin Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36143fae-n\msvcr71.dll
2010-02-11 23:55 . 2010-02-11 23:55 503808 ----a-w- c:\documents and settings\Robin Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36143fae-n\msvcp71.dll
2010-02-11 23:55 . 2010-02-11 23:55 499712 ----a-w- c:\documents and settings\Robin Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36143fae-n\jmc.dll
2010-02-11 23:55 . 2010-02-11 23:55 61440 ----a-w- c:\documents and settings\Robin Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-620a8510-n\decora-sse.dll
2010-02-11 23:55 . 2010-02-11 23:55 12800 ----a-w- c:\documents and settings\Robin Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-620a8510-n\decora-d3d.dll
2010-02-11 17:04 . 2010-02-11 17:04 -------- d-----w- c:\program files\SimpleOCR
2010-02-11 16:56 . 2010-02-11 16:56 -------- d-----w- c:\program files\What's my computer doing
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 10:26 . 2010-02-06 10:26 -------- d-----w- C:\Downloads
2010-02-06 10:26 . 2010-02-15 12:14 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Orbit
2010-02-06 10:26 . 2010-02-06 10:26 -------- d-----w- c:\program files\Orbitdownloader
2010-02-06 00:27 . 2010-02-06 00:27 50354 ----a-w- c:\documents and settings\Robin Scott\Application Data\Facebook\uninstall.exe
2010-02-06 00:27 . 2010-02-06 00:27 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:56 . 2009-08-12 09:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-07 11:56 . 2009-09-29 16:11 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-05 20:34 . 2010-03-05 20:34 84870 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_03_05_20_26_39_small.dmp.zip
2010-03-04 07:18 . 2008-12-16 16:29 38743289 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-26 09:18 . 2007-02-25 15:44 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\uTorrent
2010-02-25 15:40 . 2007-06-24 20:07 80300 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 21:18 . 2008-09-23 06:41 -------- d-----w- c:\program files\AVG
2010-02-23 20:32 . 2010-02-23 20:59 3006464 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-02-23 20:08 . 2009-04-13 16:07 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Spotify
2010-02-23 18:07 . 2005-12-31 13:07 107280 ----a-w- c:\documents and settings\Robin Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 15:26 . 2010-02-23 15:31 3016704 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-02-22 21:27 . 2010-02-22 21:30 3008000 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-02-22 14:08 . 2007-03-07 18:18 -------- d-----w- c:\program files\iTunes
2010-02-22 14:06 . 2005-12-22 09:50 -------- d-----w- c:\program files\iPod
2010-02-22 14:06 . 2007-07-05 18:29 -------- d-----w- c:\program files\Common Files\Apple
2010-02-21 01:06 . 2009-06-07 13:13 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\gtk-2.0
2010-02-20 17:57 . 2010-02-20 23:00 3001856 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-02-18 15:13 . 2010-02-18 19:13 2998272 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-02-16 19:08 . 2007-10-03 18:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 10:07 . 2010-02-16 10:07 86115 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_16_02_17_01_small.dmp.zip
2010-02-16 02:17 . 2010-02-16 10:02 831488 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-02-14 18:35 . 2008-01-13 20:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-11 23:55 . 2005-11-22 21:00 -------- d-----w- c:\program files\Common Files\Java
2010-02-11 23:54 . 2005-11-22 21:00 -------- d-----w- c:\program files\Java
2010-02-11 16:52 . 2008-12-02 17:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2010-02-10 20:02 . 2008-07-24 22:03 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Audacity
2010-02-10 19:52 . 2007-03-14 19:17 -------- d-----w- c:\documents and settings\Robin Scott\Application Data\Publish Providers
2010-02-09 12:03 . 2006-10-29 12:21 -------- d-----w- c:\program files\Alcohol Soft
2010-02-09 11:56 . 2006-10-29 12:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 19:25 . 2010-02-06 19:54 5818880 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-02-06 12:34 . 2006-03-31 19:33 -------- d-----w- c:\program files\Google
2010-02-03 16:32 . 2009-06-14 11:20 -------- d-----w- c:\program files\Hotspot Shield
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Robin Scott\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Robin Scott\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-31 09:18 . 2010-01-30 12:08 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-07 11:54 . 2005-12-23 09:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2005-11-22 20:40 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 08:15 . 2009-12-21 08:15 87191 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_21_00_33_03_small.dmp.zip
2009-12-19 12:58 . 2009-12-19 16:04 2729984 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-12-18 16:44 . 2009-12-18 16:47 2728960 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-12-17 19:19 . 2009-12-17 19:42 2729472 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-12-17 17:14 . 2008-12-09 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-10 13:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 17:36 . 2009-12-14 17:38 2719744 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-12-14 07:08 . 2004-08-10 12:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 20:19 . 2009-12-10 20:19 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-08 19:26 . 2004-08-10 12:51 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-01-29 19:41 . 2009-01-29 19:41 604 ---ha-w- c:\program files\STLL Notifier
2006-05-03 10:06 . 2008-11-15 19:41 163328 --sh--r- c:\windows\system32\flvDX.dll
2008-12-06 21:08 . 2007-03-17 17:25 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2008-11-15 19:41 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2008-11-15 19:41 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-14 11:21 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-23 67128]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-09-10 676520]
"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-09-10 131752]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"MimocoSoundByte"="c:\program files\Mimoco\SoundByte.exe" [2008-09-03 294912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Motive SmartBridge"="c:\progra~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Robin Scott\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2009-2-25 1981104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-24 21:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 19:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=rddv1029.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\lxdrcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/02/2010 21:19 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/02/2010 21:19 360584]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [09/05/2009 09:40 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [09/05/2009 09:34 41424]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/02/2010 21:18 285392]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [08/01/2010 23:42 285744]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 20:22 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 20:23 3584]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [09/05/2009 09:40 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27/04/2009 19:39 87696]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/10/2006 12:14 691696]
S2 gupdate1c9a485b8f38a06;Google Update Service (gupdate1c9a485b8f38a06);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2009 09:17 133104]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdrserv.exe [18/04/2009 13:36 98984]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [27/12/2007 12:15 17149]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [11/09/2006 20:41 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [11/09/2006 20:41 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [11/09/2006 20:41 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [11/09/2006 20:41 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [11/09/2006 20:41 83344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 RDID1029;Roland Digital Piano;c:\windows\system32\drivers\rdwm1029.sys [31/12/2006 15:53 59553]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29/10/2006 12:21 223128]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:17]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:17]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006Core.job
- c:\documents and settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 19:07]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006UA.job
- c:\documents and settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 19:07]

2010-03-07 c:\windows\Tasks\User_Feed_Synchronization-{1D75D02D-F75E-4D0C-B385-C513E8D3E3D1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = socks=
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.piczo.com/images/uploader/ssiPictureUploader.cab
FF - ProfilePath - c:\documents and settings\Robin Scott\Application Data\Mozilla\Firefox\Profiles\p7quk8f0.RobinScott\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\documents and settings\Robin Scott\Application Data\Mozilla\Firefox\Profiles\p7quk8f0.RobinScott\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{203ee602-cd80-5f77-045d-7b5e1fdc2165}\components\vA6d1Xc-__6io.dll
FF - plugin: c:\documents and settings\Robin Scott\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Robin Scott\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{62EF1E05-C039-4B59-8349-D6D46B7051B7} - (no file)
HKLM-Run-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
Notify-AtiExtEvent - (no file)
AddRemove-Native Instruments Finale GPO 2.0 - c:\progra~1\FINALE~1.0\UNWISE.EXE
AddRemove-PC-Aquarium Deluxe 3.0 BonusPack_is1 - c:\program files\Formosoft\PC Aquarium Deluxe 3.0\unins000.exe
AddRemove-Skype_is1 - c:\program files\Skype\Phone\unins000.exe
AddRemove-Word Key Demo - c:\program files\Passware\demos\un-wordkeyd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 21:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3583078027-1465129755-4142171934-1006\Software\SecuROM\License information*]
"datasecu"=hex:89,ac,03,b3,34,df,d8,a8,93,1b,d3,0a,73,0e,f5,24,eb,be,b3,16,d8,
ba,46,72,93,3b,c1,6f,7a,be,47,c2,5c,1f,3c,af,e6,8f,42,20,89,cb,b5,2a,45,f7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1668)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1724)
c:\windows\system32\rddv1029.dll
.
Completion time: 2010-03-07 21:49:31
ComboFix-quarantined-files.txt 2010-03-07 21:49

Pre-Run: 11,991,101,440 bytes free
Post-Run: 11,942,039,552 bytes free

- - End Of File - - 4DD3FBBF77E4D9FA9745FABFEBFB2599

Robincognito · Mar 7, 2010

Forgot to mention before: the problem still persists. I imagine that since you told me to use ComboFix you're nearly out of ideas of how to fix this. I'll understand if you no longer wish to spend you time wish me; it's probably better spent on others who need assistance. Unfortunately this is looking like an unsolvable problem. :sad:

Cypher · Mar 8, 2010

Hi Robincognito.

I imagine that since you told me to use ComboFix you're nearly out of ideas of how to fix this. I'll understand if you no longer wish to spend you time wish me; it's probably better spent on others who need assistance.

Your stuck with we until we figure this out

don't worry im not out of ideas yet so stay with me.
It's just taking a while to find whats causing these pop-ups, lets try this.

Fix HijackThis entries

Run HijackThis

If you are on the Main Menu page... Click "Do a system scan only"
If you are on the "scan & fix stuff" page... Press the Scan...button.
When the scan finishes...Place a check mark next to the following entries (if they are still present)
Note: Only check those items listed below.

O4 - Global Startup: South Park Desktop Friends.lnk = C:\Program Files\South Park Desktop Friends\South Park Desktop Friends.exe

Click to expand...
After checking these items... CLOSE ALL open windows except HijackThis.
Click the Fix Checked ...button...to remove the entries you checked.
Choose YES...when prompted to fix the selected items.

Next.

Re-run OTM

Double-click OTM.exe to run it.

Right-click then copy the following code, Do not include the word Code.

Code:

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=-
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=-

:Files
C:\Program Files\South Park Desktop Friends
c:\documents and settings\Robin Scott\Application Data\Orbit
c:\documents and settings\Robin Scott\Application Data\uTorrent

:Commands
[emptytemp]
[start explorer]
[Reboot]

Return to OTM, right-click then paste the code into the blank box below
Push the large

button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.

Double click on RSIT.exe to run it.
Please read the disclaimer... click on Continue.
RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
Please post ONLY the "log.txt", file contents in your next reply.
(This log can be lengthy, so a separate post may be needed.)

Next.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:filefind
spam.sys
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

OTM log.
RSIT log.txt.
SystemLook.txt log.
Please give me an update on your computers performance.

Robincognito · Mar 8, 2010

Thank you for persevering. :thanks:

OTM log

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk\ not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
========== FILES ==========
File/Folder C:\Program Files\South Park Desktop Friends not found.
c:\documents and settings\Robin Scott\Application Data\Orbit\flink folder moved successfully.
c:\documents and settings\Robin Scott\Application Data\Orbit folder moved successfully.
c:\documents and settings\Robin Scott\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Robin Scott
->Temp folder emptied: 443089 bytes
->Temporary Internet Files folder emptied: 5447502 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66146224 bytes
->Google Chrome cache emptied: 18874181 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3407 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 761 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 87.00 mb

OTM by OldTimer - Version 3.1.10.0 log created on 03082010_180844

Files moved on Reboot...
C:\Documents and Settings\Robin Scott\Local Settings\Temp\~DF10DA.tmp moved successfully.
File C:\WINDOWS\temp\ZLT06b13.TMP not found!

Registry entries deleted on Reboot...

Robincognito · Mar 8, 2010

Logfile of random's system information tool 1.06 (written by random/random)
Run by Robin Scott at 2010-03-08 18:58:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (16%) free of 73 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:16, on 08/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxdrcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\ezprint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mimoco\SoundByte.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin Scott\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robin Scott.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdrmon.exe] "C:\Program Files\Lexmark 4900 Series\lxdrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4900 Series\ezprint.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MimocoSoundByte] "C:\Program Files\Mimoco\SoundByte.exe" -d data
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9a485b8f38a06) (gupdate1c9a485b8f38a06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxdrCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe
O23 - Service: lxdr_device - - C:\WINDOWS\system32\lxdrcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 18348 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1D75D02D-F75E-4D0C-B385-C513E8D3E3D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-24 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 181352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 115832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-06-14 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-01 342600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"lxdrmon.exe"=C:\Program Files\Lexmark 4900 Series\lxdrmon.exe [2008-09-10 676520]
"EzPrint"=C:\Program Files\Lexmark 4900 Series\ezprint.exe [2008-09-10 131752]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"MimocoSoundByte"=C:\Program Files\Mimoco\SoundByte.exe [2008-09-03 294912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-09-26 83312]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-07-22 577602]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"Motive SmartBridge"=C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe [2005-06-22 417792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Google Update"=C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-13 39408]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2009-04-08 2814976]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 67128]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
What's my computer doing.lnk - C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe

C:\Documents and Settings\Robin Scott\Start Menu\Programs\Startup
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-24 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2005-12-20 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\WINDOWS\system32\lxdrcoms.exe"="C:\WINDOWS\system32\lxdrcoms.exe:*:Enabled:4900 Series Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - edit -
.reg - open - c:\Winnt\Regedit.exe %1

======List of files/folders created in the last 1 months======

2010-03-08 18:08:54 ----SHD---- C:\RECYCLER
2010-03-07 21:49:32 ----A---- C:\ComboFix.txt
2010-03-07 21:32:24 ----A---- C:\WINDOWS\zip.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWSC.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWREG.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\sed.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\PEV.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\MBR.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\grep.exe
2010-03-07 21:28:12 ----D---- C:\Qoobox
2010-03-06 20:39:07 ----A---- C:\RootRepeal report 03-06-10 (20-39-07).txt
2010-03-06 14:55:22 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Malwarebytes
2010-03-06 14:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-06 14:55:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-05 21:13:13 ----D---- C:\_OTM
2010-03-05 18:57:02 ----D---- C:\rsit
2010-03-04 17:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-02-26 09:16:04 ----D---- C:\WINDOWS\ERDNT
2010-02-26 09:08:02 ----D---- C:\Program Files\ERUNT
2010-02-25 13:49:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-25 13:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 10:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-25 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 21:19:36 ----D---- C:\$AVG
2010-02-24 21:19:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-24 21:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-24 20:38:46 ----D---- C:\Program Files\Fraps
2010-02-23 13:34:44 ----D---- C:\Program Files\BestGameEver
2010-02-23 13:09:32 ----D---- C:\Program Files\MagicDisc
2010-02-14 22:03:34 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-02-14 22:02:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-02-14 22:02:08 ----D---- C:\Program Files\Common Files\ODBC
2010-02-14 21:57:45 ----D---- C:\Program Files\Microsoft Analysis Services
2010-02-14 21:17:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-11 23:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-11 23:55:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-11 23:55:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-11 23:55:02 ----A---- C:\WINDOWS\system32\java.exe
2010-02-11 17:04:57 ----A---- C:\WINDOWS\SoftWriting.ini
2010-02-11 17:04:54 ----D---- C:\Program Files\SimpleOCR
2010-02-11 16:56:50 ----D---- C:\Program Files\What's my computer doing
2010-02-11 10:42:56 ----A---- C:\WINDOWS\system32\frapsvid.dll
2010-02-11 00:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 00:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 00:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 00:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 00:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 00:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 00:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 00:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 00:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-08 18:59:10 ----D---- C:\WINDOWS\Prefetch
2010-03-08 18:58:33 ----D---- C:\WINDOWS\Internet Logs
2010-03-08 18:24:32 ----D---- C:\WINDOWS\Temp
2010-03-08 18:15:32 ----D---- C:\Program Files\Mozilla Firefox
2010-03-08 18:14:42 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2010-03-08 18:09:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-07 21:47:31 ----SD---- C:\WINDOWS\Tasks
2010-03-07 21:45:37 ----D---- C:\WINDOWS
2010-03-07 21:45:37 ----A---- C:\WINDOWS\system.ini
2010-03-07 21:45:03 ----D---- C:\WINDOWS\system32
2010-03-07 21:45:02 ----D---- C:\Program Files
2010-03-07 21:42:06 ----D---- C:\WINDOWS\system32\drivers
2010-03-07 21:42:06 ----D---- C:\WINDOWS\AppPatch
2010-03-07 21:42:03 ----D---- C:\Program Files\Common Files
2010-03-07 21:34:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-07 11:56:34 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-03-07 11:56:23 ----D---- C:\Program Files\DVDVideoSoft
2010-03-07 11:55:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-06 15:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-03-06 14:15:51 ----SH---- C:\boot.ini
2010-03-06 14:15:51 ----A---- C:\WINDOWS\win.ini
2010-03-06 14:15:34 ----D---- C:\WINDOWS\pss
2010-03-05 20:23:38 ----HD---- C:\WINDOWS\inf
2010-03-05 18:39:43 ----D---- C:\WINDOWS\Minidump
2010-03-04 20:43:32 ----SD---- C:\Documents and Settings\Robin Scott\Application Data\Microsoft
2010-03-03 17:03:12 ----SHD---- C:\WINDOWS\Installer
2010-03-03 17:03:12 ----D---- C:\Config.Msi
2010-02-25 13:55:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-25 10:42:09 ----D---- C:\WINDOWS\WinSxS
2010-02-25 03:03:21 ----D---- C:\WINDOWS\ie8updates
2010-02-25 03:01:51 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-25 03:01:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-24 21:18:46 ----D---- C:\Program Files\AVG
2010-02-23 20:08:16 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Spotify
2010-02-22 14:08:00 ----D---- C:\Program Files\iTunes
2010-02-22 14:06:44 ----D---- C:\Program Files\iPod
2010-02-22 14:06:41 ----D---- C:\Program Files\Common Files\Apple
2010-02-21 01:06:28 ----D---- C:\Documents and Settings\Robin Scott\Application Data\gtk-2.0
2010-02-14 22:14:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-14 22:14:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-14 22:14:03 ----RSD---- C:\WINDOWS\assembly
2010-02-14 22:13:57 ----D---- C:\WINDOWS\SHELLNEW
2010-02-14 22:04:54 ----RSD---- C:\WINDOWS\Fonts
2010-02-14 22:03:42 ----D---- C:\WINDOWS\system32\wbem
2010-02-14 22:02:37 ----D---- C:\Program Files\Microsoft Office
2010-02-14 21:26:02 ----D---- C:\WINDOWS\system32\config
2010-02-14 18:35:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-14 18:33:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-11 23:55:13 ----D---- C:\Program Files\Common Files\Java
2010-02-11 23:54:59 ----D---- C:\Program Files\Java
2010-02-10 20:02:13 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Audacity
2010-02-10 19:52:53 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Publish Providers
2010-02-09 12:03:33 ----D---- C:\Program Files\Alcohol Soft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-24 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-24 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-04-27 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-04-27 41424]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-27 17801]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 362944]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-03-28 18816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-09-15 32768]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-04-27 79888]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-04-27 87696]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 a9xbtsot;a9xbtsot; C:\WINDOWS\system32\drivers\a9xbtsot.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ROBINS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2002-07-10 11008]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-09-11 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-09-11 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-09-11 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-09-11 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-09-11 83344]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-28 47360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 RDID1029;Roland Digital Piano; C:\WINDOWS\System32\Drivers\rdwm1029.sys [2005-01-26 59553]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080911.003\SymIDSCo.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-10-29 223128]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-24 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2010-01-09 234032]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2010-01-08 331824]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 lxdr_device;lxdr_device; C:\WINDOWS\system32\lxdrcoms.exe [2008-05-16 594600]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-04-07 241734]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c9a485b8f38a06;Google Update Service (gupdate1c9a485b8f38a06); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe [2008-05-16 98984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-01-09 57640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:00 on 08/03/2010 by Robin Scott (Administrator - Elevation successful)

========== filefind ==========

Searching for "spam.sys"
No files found.

-=End Of File=-

Cypher · Mar 8, 2010

Hi Robincognito.

Thank you for persevering.

Your most welcome.
Are the pop-ups still happening now?

Please run ATF Cleaner again, it should still be on your Desktop.

Next.

Disable AVG9

Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes.
Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go Here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Click to expand...
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

ESET log.
Popups still happening?.

Robincognito · Mar 11, 2010

Sorry I haven't replied; I've been really busy. To answer your question, yes, the pop-ups are still happening unfortunately. :sad:

I started doing the steps you instructed me to do a couple of days ago but my computer froze. (That's happens almost every day anyway). I'm going to try again later today.

Robincognito · Mar 11, 2010

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b50d28a549dc51439af39abe4ddfe2b1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-11 11:35:10
# local_time=2010-03-11 11:35:10 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 66022971 66022971 0 0
# compatibility_mode=1024 16777191 100 0 1296988 1296988 0 0
# compatibility_mode=8192 67108863 100 0 261457 261457 0 0
# compatibility_mode=9217 16777214 100 74 29643948 36627856 0 0
# scanned=167902
# found=4
# cleaned=0
# scan_time=10798
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 I
C:\Program Files\Hotspot Shield\bin\openvpnas.exe Win32/Adware.AnchorFree application 00000000000000000000000000000000 I
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe Win32/WFPDisabler.A application 00000000000000000000000000000000 I
${Memory} Win32/Adware.AnchorFree application 00000000000000000000000000000000 I

Cypher · Mar 12, 2010

Hi Robincognito.
Please continue with the instructions below.

Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
- System registry.
- Current user registry.
Next click on "OK"... at the prompt... reply "Yes".
After a short duration the Registry backup is complete! pop-up message will appear.
Now click on "OK". A registry backup has now been created.

Next.

Re-run OTM

Double-click OTM.exe to run it.

Right-click then copy the following code, Do not include the word Code.

Code:

:Services
a4w941na

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{871cceb4-d3e6-11db-b869-0011507e6547}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91087476-318d-11de-909d-001b2fb3a121}]

:Files
C:\WINDOWS\system32\drivers\a4w941na.sys 
C:\i386\GTDownDE_87.ocx 
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]

Return to OTM, right-click then paste the code into the blank box below
Push the large

button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Please note the instructions for this scan are slightly different to run a full scan.

Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform Full Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.

Double click on RSIT.exe to run it.
Please read the disclaimer... click on Continue.
RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
Please post ONLY the "log.txt", file contents in your next reply.
(This log can be lengthy, so a separate post may be needed.)

Logs/Information to Post in your Next Reply

OTM log
Malwarebytes log.
RSIT log.txt log.
Please give me an update on your computers performance, Pop-ups still happening?

Robincognito · Mar 13, 2010

OTM log

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named a4w941na was found to stop!
Service\Driver key a4w941na not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{871cceb4-d3e6-11db-b869-0011507e6547}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871cceb4-d3e6-11db-b869-0011507e6547}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91087476-318d-11de-909d-001b2fb3a121}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91087476-318d-11de-909d-001b2fb3a121}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\a4w941na.sys not found.
C:\i386\GTDownDE_87.ocx moved successfully.
C:\Program Files\Hotspot Shield\bin\openvpnas.exe moved successfully.
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Robin Scott
->Temp folder emptied: 443252 bytes
->Temporary Internet Files folder emptied: 5384415 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45314763 bytes
->Google Chrome cache emptied: 29808850 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4014 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 823 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 15959139 bytes

Total Files Cleaned = 92.00 mb

OTM by OldTimer - Version 3.1.10.0 log created on 03122010_164433

Files moved on Reboot...
C:\Documents and Settings\Robin Scott\Local Settings\Temp\~DF9298.tmp moved successfully.
File C:\WINDOWS\temp\ZLT02374.TMP not found!

Registry entries deleted on Reboot...

Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/03/2010 15:52:58
mbam-log-2010-03-13 (15-52-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 326827
Time elapsed: 1 hour(s), 57 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Sibelius Software\Sibelius 4\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1324\A0302712.exe (Malware.Packer.Gen) -> Not selected for removal.
C:\_OTM\MovedFiles\03122010_164433\C_i386\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.

Robincognito · Mar 13, 2010

Logfile of random's system information tool 1.06 (written by random/random)
Run by Robin Scott at 2010-03-13 16:29:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (16%) free of 73 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:15, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdrcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\ezprint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mimoco\SoundByte.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robin Scott\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robin Scott.exe
C:\WINDOWS\system32\msfeedssync.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdrmon.exe] "C:\Program Files\Lexmark 4900 Series\lxdrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4900 Series\ezprint.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MimocoSoundByte] "C:\Program Files\Mimoco\SoundByte.exe" -d data
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9a485b8f38a06) (gupdate1c9a485b8f38a06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxdrCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe
O23 - Service: lxdr_device - - C:\WINDOWS\system32\lxdrcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 18452 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3583078027-1465129755-4142171934-1006UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1D75D02D-F75E-4D0C-B385-C513E8D3E3D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-24 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 181352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 115832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-06-14 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-01 342600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"lxdrmon.exe"=C:\Program Files\Lexmark 4900 Series\lxdrmon.exe [2008-09-10 676520]
"EzPrint"=C:\Program Files\Lexmark 4900 Series\ezprint.exe [2008-09-10 131752]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"MimocoSoundByte"=C:\Program Files\Mimoco\SoundByte.exe [2008-09-03 294912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-09-26 83312]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-07-22 577602]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"Motive SmartBridge"=C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe [2005-06-22 417792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Google Update"=C:\Documents and Settings\Robin Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-13 39408]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2009-04-08 2814976]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 67128]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
What's my computer doing.lnk - C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe

C:\Documents and Settings\Robin Scott\Start Menu\Programs\Startup
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-24 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2005-12-20 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\WINDOWS\system32\lxdrcoms.exe"="C:\WINDOWS\system32\lxdrcoms.exe:*:Enabled:4900 Series Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - edit -
.reg - open - c:\Winnt\Regedit.exe %1

======List of files/folders created in the last 1 months======

2010-03-12 00:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-08 18:08:54 ----SHD---- C:\RECYCLER
2010-03-07 21:49:32 ----A---- C:\ComboFix.txt
2010-03-07 21:32:24 ----A---- C:\WINDOWS\zip.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWSC.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\SWREG.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\sed.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\PEV.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\MBR.exe
2010-03-07 21:32:24 ----A---- C:\WINDOWS\grep.exe
2010-03-07 21:28:12 ----D---- C:\Qoobox
2010-03-06 20:39:07 ----A---- C:\RootRepeal report 03-06-10 (20-39-07).txt
2010-03-06 14:55:22 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Malwarebytes
2010-03-06 14:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-06 14:55:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-05 21:13:13 ----D---- C:\_OTM
2010-03-05 18:57:02 ----D---- C:\rsit
2010-03-04 17:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-02-26 09:16:04 ----D---- C:\WINDOWS\ERDNT
2010-02-26 09:08:02 ----D---- C:\Program Files\ERUNT
2010-02-25 13:49:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-25 13:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 10:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-25 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 21:19:36 ----D---- C:\$AVG
2010-02-24 21:19:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-24 21:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-23 13:34:44 ----D---- C:\Program Files\BestGameEver
2010-02-23 13:09:32 ----D---- C:\Program Files\MagicDisc
2010-02-14 22:03:34 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-02-14 22:02:34 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-02-14 22:02:08 ----D---- C:\Program Files\Common Files\ODBC
2010-02-14 21:57:45 ----D---- C:\Program Files\Microsoft Analysis Services
2010-02-14 21:17:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

======List of files/folders modified in the last 1 months======

2010-03-13 16:14:40 ----D---- C:\WINDOWS\Internet Logs
2010-03-13 16:00:21 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2010-03-13 15:59:17 ----D---- C:\WINDOWS\Temp
2010-03-13 15:55:13 ----D---- C:\WINDOWS\system32\drivers
2010-03-13 15:53:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-13 15:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-03-13 12:31:18 ----D---- C:\WINDOWS\Prefetch
2010-03-12 22:39:15 ----D---- C:\Program Files\Mozilla Firefox
2010-03-12 16:56:21 ----SHD---- C:\WINDOWS\Installer
2010-03-12 16:56:21 ----D---- C:\Config.Msi
2010-03-12 16:51:11 ----D---- C:\Program Files
2010-03-12 16:44:38 ----D---- C:\i386
2010-03-12 07:00:45 ----D---- C:\WINDOWS
2010-03-12 00:01:15 ----HD---- C:\WINDOWS\inf
2010-03-12 00:01:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-12 00:01:11 ----D---- C:\Program Files\Movie Maker
2010-03-12 00:00:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-12 00:00:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-09 18:53:31 ----D---- C:\WINDOWS\system32
2010-03-07 21:47:31 ----SD---- C:\WINDOWS\Tasks
2010-03-07 21:45:37 ----A---- C:\WINDOWS\system.ini
2010-03-07 21:42:06 ----D---- C:\WINDOWS\AppPatch
2010-03-07 21:42:03 ----D---- C:\Program Files\Common Files
2010-03-07 11:56:34 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-03-07 11:56:23 ----D---- C:\Program Files\DVDVideoSoft
2010-03-06 15:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-03-06 14:15:51 ----SH---- C:\boot.ini
2010-03-06 14:15:51 ----A---- C:\WINDOWS\win.ini
2010-03-06 14:15:34 ----D---- C:\WINDOWS\pss
2010-03-05 18:39:43 ----D---- C:\WINDOWS\Minidump
2010-03-04 20:43:32 ----SD---- C:\Documents and Settings\Robin Scott\Application Data\Microsoft
2010-03-02 05:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 13:55:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-25 10:42:09 ----D---- C:\WINDOWS\WinSxS
2010-02-25 03:03:27 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 03:03:21 ----D---- C:\WINDOWS\ie8updates
2010-02-24 21:18:46 ----D---- C:\Program Files\AVG
2010-02-23 20:08:16 ----D---- C:\Documents and Settings\Robin Scott\Application Data\Spotify
2010-02-22 14:08:00 ----D---- C:\Program Files\iTunes
2010-02-22 14:06:44 ----D---- C:\Program Files\iPod
2010-02-22 14:06:41 ----D---- C:\Program Files\Common Files\Apple
2010-02-21 01:06:28 ----D---- C:\Documents and Settings\Robin Scott\Application Data\gtk-2.0
2010-02-14 22:14:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-14 22:14:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-14 22:14:03 ----RSD---- C:\WINDOWS\assembly
2010-02-14 22:13:57 ----D---- C:\WINDOWS\SHELLNEW
2010-02-14 22:04:54 ----RSD---- C:\WINDOWS\Fonts
2010-02-14 22:03:42 ----D---- C:\WINDOWS\system32\wbem
2010-02-14 22:02:37 ----D---- C:\Program Files\Microsoft Office
2010-02-14 21:26:02 ----D---- C:\WINDOWS\system32\config
2010-02-14 18:35:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-14 18:33:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-24 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-24 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-04-27 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-04-27 41424]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-27 17801]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 362944]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-03-28 18816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-09-15 32768]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-04-27 79888]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-04-27 87696]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 akjwxv0m;akjwxv0m; C:\WINDOWS\system32\drivers\akjwxv0m.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ROBINS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2002-07-10 11008]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-09-11 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-09-11 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-09-11 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-09-11 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-09-11 83344]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-28 47360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 RDID1029;Roland Digital Piano; C:\WINDOWS\System32\Drivers\rdwm1029.sys [2005-01-26 59553]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080911.003\SymIDSCo.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-10-29 223128]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-24 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2010-01-08 331824]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 lxdr_device;lxdr_device; C:\WINDOWS\system32\lxdrcoms.exe [2008-05-16 594600]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-04-07 241734]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c9a485b8f38a06;Google Update Service (gupdate1c9a485b8f38a06); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
S2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe []
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe [2008-05-16 98984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-01-09 57640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Unfortunately, the ads are still appearing. Do you think the problem could be sorted by something as simple as reinstalling Firefox? Just an idea.

Cypher · Mar 13, 2010

Hi Robincognito.
I can't see anything in your logs to explain these ads appearing.
Quite possibly something is hiding from the scans.
Ok lets try resetting FireFox and see if we can get Gmer to run.

Reset FireFox:

Click on Start >> Run...
Enter the following command:

firefox.exe -safe-mode

Click to expand...
In the open window, select Reset all preferences to default Firefox.
Click on Make the changes and restart.
After FireFox restarts click on Check for Updates...

Next.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next.

GMER Rootkit Scanner

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in your next reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

Next.

Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:

C:\WINDOWS\system32\drivers\akjwxv0m.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti try Virustotal

Logs/Information to Post in your Next Reply

Gmer.txt log.
jotti or virustotal results.
Please give me an update on your computers performance.

Robincognito · Mar 16, 2010

Sorry I haven't replied. Unfortunately, I won't be able to run GMER for a couple of days because I've been really busy and I need my computer for work at the moment.

I just replied now so that this doesn't get archived.

I will follow your instructions as soon as possible.

Thanks.

Dakeyras · Mar 20, 2010

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Ads appearing in internet browser

Cypher

Visiting Fellow

Robincognito

New member

Robincognito

New member

Robincognito

New member

Cypher

Visiting Fellow

Robincognito

New member

Robincognito

New member

Cypher

Visiting Fellow

Robincognito

New member

Robincognito

New member

Cypher

Visiting Fellow

Robincognito

New member

Robincognito

New member

Cypher

Visiting Fellow

Robincognito

New member

Robincognito

New member

Cypher

Visiting Fellow

Robincognito

New member

Dakeyras

Security Expert-Emeritus