Click.GiftLoad Help needed

I think the TeaTimer in Spybot prevented the original fix from taking

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking[/b]
  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this Go to the Mode menu select "Advanced Mode"
  • On the left hand side, Click on Tools
  • Then click on the Resident Icon in the List
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer.<--You need to do this for it to take effect
Please do not proceed until the TeaTimer is disabled



Redownload OTL to your desktop

http://oldtimer.geekstogo.com/OTL.exe

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL



:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



When your done, reboot and run Spybot and see if its gone
 
Ken,
First log:-

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: David Roberts
->Temp folder emptied: 1422258 bytes
->Temporary Internet Files folder emptied: 2825039 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9086 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elen Roberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57324322 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nathan Roberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 49016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Samantha Roberts
->Temp folder emptied: 11573 bytes
->Temporary Internet Files folder emptied: 70568461 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 678934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 96065510 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 218.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05262011_215448

Files\Folders moved on Reboot...
C:\Documents and Settings\David Roberts\Local Settings\Temporary Internet Files\Content.IE5\E3AX37Q6\showthread[1].htm moved successfully.
C:\Documents and Settings\David Roberts\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\WINDOWS\temp\TMP000000031BF11CC9ED646282 moved successfully.

Registry entries deleted on Reboot...

With the second scan do I just run a 'run scan' with nothing in the box?
 
This is the second 'normal' scan in anticipation!:-

OTL logfile created on: 26/05/2011 22:40:15 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Roberts\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 4.48 Gb Free Space | 6.02% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: David Roberts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 23:22:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
PRC - [2011/02/09 16:00:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/29 11:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010/11/17 10:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/12/26 22:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
PRC - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 15:03:54 | 000,596,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2006/05/08 05:17:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/03/01 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EE.EXE
PRC - [2003/10/23 18:33:02 | 001,224,754 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2003/10/23 18:30:04 | 000,786,484 | ---- | M] (AHEAD Software) -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 23:22:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 14:58:14 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/17 10:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2003/10/23 18:30:04 | 000,786,484 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/26 22:21:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1246FE-661E-4E7B-BBF9-4A1AD5D90A52}\MpKsl4469226d.sys -- (MpKsl4469226d)
DRV - [2011/05/26 21:55:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1246FE-661E-4E7B-BBF9-4A1AD5D90A52}\MpKsle382e12b.sys -- (MpKsle382e12b)
DRV - [2011/05/26 21:14:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1246FE-661E-4E7B-BBF9-4A1AD5D90A52}\MpKsl2637776f.sys -- (MpKsl2637776f)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/25 10:53:58 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/11/25 10:42:10 | 000,124,992 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/11/24 09:18:16 | 000,089,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/11/17 10:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/09/27 08:24:58 | 000,027,264 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nokiackx.sys -- (nokiackx)
DRV - [2010/07/08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 09:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/09/19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009/09/19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/09/19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/15 12:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 12:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/27 18:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/10 19:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/31 18:06:10 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/10/08 14:38:48 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2007/09/20 12:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/04/02 23:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/12/14 12:27:18 | 000,040,832 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/06/20 15:42:16 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/04/13 11:12:38 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/04 17:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/31 13:14:16 | 000,266,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/31 13:14:16 | 000,026,496 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g3grumdm.sys -- (G3GRUMDM)
DRV - [2005/03/31 13:14:16 | 000,023,296 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g3gruser.sys -- (G3GRUSER)
DRV - [2005/03/04 12:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/31 18:23:08 | 000,109,319 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/11/18 06:01:34 | 000,062,673 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/10/23 18:34:34 | 000,028,560 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/10/23 18:34:14 | 000,088,400 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/08/21 15:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/09/20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{EFB458FC-F343-413F-8DF7-2658C04A8C52}: C:\Documents and Settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52} [2010/07/06 15:45:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}: C:\Documents and Settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683} [2010/07/11 08:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{184CA625-3265-40F7-98DA-F49D55AE2F79}: C:\Documents and Settings\Elen Roberts\Local Settings\Application Data\{184CA625-3265-40F7-98DA-F49D55AE2F79}
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/05 19:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/16 19:47:46 | 000,000,000 | ---D | M]

[2008/03/03 18:31:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2011/05/26 21:54:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {9A928341-D366-4032-A471-6EC120CD9B73} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E4F3F5D3-847E-4970-8754-9165E77EEE13} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Spyware Doctor] File not found
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\David Roberts\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: autotrader.co.uk ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsarena.co.uk/baxi/Plugins/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240350071421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240349950203 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 09:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/05/19 19:45:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\David Roberts\Desktop\spybotsd162.exe
[2011/05/18 23:25:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/18 23:22:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
[2011/05/16 22:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/05/16 22:01:07 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/16 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/16 21:52:16 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David Roberts\Desktop\mseinstall.exe
[2011/05/16 00:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Application Data\PCToolsFirewallPlus
[2011/05/16 00:53:48 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/05/16 00:53:47 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/05/16 00:53:46 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/05/16 00:52:14 | 000,089,192 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2011/05/16 00:52:14 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2011/05/16 00:52:14 | 000,032,808 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2011/05/16 00:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Firewall Plus
[2011/05/16 00:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/16 00:52:12 | 000,124,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2011/05/16 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2011/05/16 00:50:28 | 010,234,024 | ---- | C] ( ) -- C:\Documents and Settings\David Roberts\Desktop\fwinstall.exe
[2011/05/16 00:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/16 00:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/16 00:34:23 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\David Roberts\Desktop\spywareblastersetup44.exe
[2011/05/15 21:44:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/15 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/15 15:16:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/14 12:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/14 11:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/05/13 01:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/13 01:05:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/11 20:59:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David Roberts\Desktop\aswMBR.exe
[2011/05/08 13:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 13:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/08 13:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/08 13:46:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David Roberts\Desktop\erunt-setup.exe
[2011/05/06 19:03:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/06 19:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/06 19:03:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/06 19:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 19:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 22:45:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{27FF52A0-9509-4DD6-A1FD-E8ADFEA13033}.job
[2011/05/26 22:40:08 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F101100-00B3-42AC-896F-CF4BCEB79A51}.job
[2011/05/26 22:26:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/26 22:23:34 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/05/26 22:22:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 22:22:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/26 22:22:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 22:21:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 22:21:41 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 21:54:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/26 21:10:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/25 23:11:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/19 22:48:53 | 000,030,724 | ---- | M] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2011/05/19 19:50:57 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\Spybot - Search & Destroy.lnk
[2011/05/19 19:45:53 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\David Roberts\Desktop\spybotsd162.exe
[2011/05/18 23:22:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
[2011/05/16 21:55:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/16 21:52:16 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David Roberts\Desktop\mseinstall.exe
[2011/05/16 19:47:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/16 01:07:01 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 00:50:28 | 010,234,024 | ---- | M] ( ) -- C:\Documents and Settings\David Roberts\Desktop\fwinstall.exe
[2011/05/16 00:35:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\SpywareBlaster.lnk
[2011/05/16 00:34:36 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\David Roberts\Desktop\spywareblastersetup44.exe
[2011/05/15 14:55:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/14 11:26:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/05/14 09:18:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/14 09:01:46 | 000,441,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/14 09:01:46 | 000,071,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/12 23:15:58 | 000,004,624 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\attachtext.zip
[2011/05/11 21:00:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\MBR.dat
[2011/05/11 20:59:06 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David Roberts\Desktop\aswMBR.exe
[2011/05/11 20:58:15 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\Regfix.reg
[2011/05/08 14:35:22 | 000,004,439 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\Attach Text.zip
[2011/05/08 13:48:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\David Roberts\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/08 13:48:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\NTREGOPT.lnk
[2011/05/08 13:48:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\ERUNT.lnk
[2011/05/08 13:46:39 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Roberts\Desktop\erunt-setup.exe
[2011/05/08 13:39:34 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\Safer-Networking Forums.url
[2011/05/07 17:34:03 | 000,005,007 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\AFC COLWYN AFC Colwyn Under 8s.url
[2011/05/06 19:03:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 19:30:39 | 000,668,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 19:50:57 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 22:00:42 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/16 21:55:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/16 21:55:23 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/16 19:46:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/16 19:46:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/16 00:35:36 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\SpywareBlaster.lnk
[2011/05/15 15:56:23 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/14 11:26:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/05/13 01:05:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 01:05:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/12 23:15:58 | 000,004,624 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\attachtext.zip
[2011/05/11 21:00:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\MBR.dat
[2011/05/11 20:58:15 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\Regfix.reg
[2011/05/08 14:35:22 | 000,004,439 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\Attach Text.zip
[2011/05/08 13:48:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\David Roberts\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/08 13:48:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\NTREGOPT.lnk
[2011/05/08 13:48:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERUNT.lnk
[2011/05/08 13:39:34 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\Safer-Networking Forums.url
[2011/05/06 19:03:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 19:30:20 | 000,668,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/12/13 00:05:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/12 23:40:11 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/12/12 18:55:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2010/12/12 18:55:22 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2010/08/19 23:52:40 | 000,300,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/13 07:31:10 | 000,005,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/12 17:15:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/06 00:32:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqeyujek.dat
[2010/07/06 00:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcazogev.bin
[2009/12/28 14:38:00 | 000,062,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 03:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2009/11/09 03:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2009/11/09 03:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2009/11/09 03:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009/10/19 23:29:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\$_hpcst$.hpc
[2009/10/19 22:12:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/10/19 22:12:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/12 21:59:02 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\David Roberts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/02/01 21:19:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/01 21:19:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/12/28 23:28:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/14 16:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 16:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 16:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 16:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 16:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/06 16:49:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/04/14 14:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/02/18 12:38:02 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/18 12:38:01 | 000,003,452 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/28 22:35:48 | 000,125,392 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2007/12/30 01:41:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/12/30 01:38:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/02/15 23:54:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/02/09 12:05:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/11/18 00:01:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/12 00:14:55 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/09/10 18:16:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/16 22:27:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/05/01 21:16:51 | 000,000,283 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/11 21:31:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/04 18:37:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/24 19:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/14 23:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/08 21:46:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/01/08 01:27:33 | 000,030,724 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2006/01/08 01:06:13 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2006/01/08 01:06:13 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2006/01/08 01:06:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/01/08 01:05:22 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/01/08 01:05:22 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/01/08 01:05:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/08 01:02:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600E.ini
[2005/11/23 05:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 22:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/04 09:08:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/04 09:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/04 09:08:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/04 09:08:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/04 08:54:54 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/07/01 12:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 14:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:10:30 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 14:10:30 | 000,071,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 14:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 14:02:54 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 13:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 13:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 634462 bytes -> C:\WINDOWS\System32\EPUSB1: (EPSON Stylus CX6600)
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
 
Ken,
Yes, nothing found.
One problem is shutdown seems to take forever, resulting in having to power off. On startup it sometimes goes to the safe mode option screen.
Thanks
Dave
 
Lets do this as it may be a windows issue.

I would like you to post here, you can link them to this thread if you wish as all us forums work together, explain your problem, it may be just things in your start up are messing things up.


http://forums.whatthetech.com/index.php?showforum=119


I will leave this thread open for you for a few days , please post back and let me know what they said or did and if they still feel its malware we can dig deeper, keep in mind that we cleaned some nasty infections on this system and sometimes they could have left some damage.
 
You must log in or register to reply here.
Back
Top