

Posted

Hi Jellybeans27

 

Please follow the steps below; they will eliminate certain problems and give us an idea of what's left (if anything).

 

Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete, so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below.)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

Step 3

  • Download OTL to your desktop.
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png


    Now copy the lines in the codebox below.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

 

Thanks.

Member of:

UNITE
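An added triage helper for the two reports the post above asks for. It is not from this thread and is not code from Malwarebytes or from OldTimer's OTL; it assumes only the plain-text layouts that MBAM 1.x logs and OTL 3.x reports use (one detection per line as "item (family) -> action" in MBAM, and "PRC/MOD/SRV/DRV - [(name) ... --] path (company)" or "... File not found" in OTL). The embedded sample logs are constructed to match those layouts, and the "sample-only.dll" line with a "Delete on reboot." action is hypothetical, included to show how an item that still needs the reboot mentioned in the Step 2 note gets surfaced. From the OTL side it pulls out the entries a reviewer normally looks at first: service or driver entries whose file is missing, and binaries that carry no company name.

```python
"""Triage helper for Malwarebytes 1.x logs and OTL 3.x reports.

Added example: not part of the thread above and not code from Malwarebytes or
OldTimer's OTL. Layout assumptions are documented at each regex; the sample
logs below are constructed to match those layouts.
"""
import re
from collections import Counter

# Constructed sample, modelled on the MBAM 1.x log layout. The "sample-only.dll"
# line is hypothetical and shows an item still pending removal at reboot.
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.46

Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Public\sample-only.dll (Trojan.Vundo) -> Delete on reboot.
"""

# Constructed sample, modelled on the OTL 3.x SafeList sections.
OTL_SAMPLE = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
========== Win32 Services (SafeList) ==========
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
"""

# MBAM detection line: "<item> (<family>) -> <action>"
MBAM_ITEM = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# OTL entry: "<KIND> - [(<name>) <description> -- ]<path>[ (<company>) | File not found]"
OTL_LINE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<rest>.+)$")
OTL_TAIL = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
MISSING = " File not found"


def parse_mbam(text):
    """Yield (section, item, family, action) for each detection line in an MBAM log."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = MBAM_ITEM.match(line)
        if m and section:
            yield section, m["item"], m["family"], m["action"]


def summarize_mbam(text):
    """Counts per family and per section, plus items whose removal is still pending."""
    records = list(parse_mbam(text))
    return {
        "families": Counter(r[2] for r in records),
        "sections": Counter(r[0] for r in records),
        # Anything not already quarantined needs the reboot the post warns about.
        "pending": [r[1] for r in records if not r[3].startswith("Quarantined and deleted")],
    }


def parse_otl_line(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict, or return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    kind, rest, name = m["kind"], m["rest"], None
    if " -- " in rest:                           # services/drivers carry "(name) ... -- path"
        left, rest = rest.split(" -- ", 1)
        nm = re.match(r"\((?P<n>[^()]*)\)", left)
        name = nm["n"] if nm else left
    if rest.endswith(MISSING):
        return {"kind": kind, "name": name, "path": rest[: -len(MISSING)],
                "company": None, "missing": True}
    t = OTL_TAIL.match(rest)
    path, company = (t["path"], t["company"]) if t else (rest, None)
    return {"kind": kind, "name": name, "path": path, "company": company, "missing": False}


def triage_otl(text):
    """Entries worth a second look: orphaned (missing) files and binaries with no company name."""
    flagged = []
    for line in text.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        if e["missing"]:
            e["reason"] = "file not found (orphaned service/driver entry)"
        elif not e["company"]:
            e["reason"] = "no company name in version info"
        else:
            continue
        flagged.append(e)
    return flagged


if __name__ == "__main__":
    s = summarize_mbam(MBAM_SAMPLE)
    print("MBAM families:", dict(s["families"]))
    print("MBAM sections:", dict(s["sections"]))
    print("MBAM pending removal:", s["pending"])
    for e in triage_otl(OTL_SAMPLE):
        print(f"OTL {e['kind']} {e['path']}: {e['reason']}")
```

Run it as-is to see the report on the constructed samples, or replace the two sample strings with the contents of a real mbam-log file and OTL.Txt. A blank company name in OTL only means the file's version resource carries no company string, so a flagged binary is a lead for a closer look (publisher, signature, location), not a verdict.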

Posted

Starbuck, thanks very much for the help.

 

As you will see, some trojans were found. My startup time is now 3-4 mins, which still seems quite slow, considering my friend's laptop is the same spec and has loads of games installed and boots up much quicker.

 

Please find the reports as follows:

 

Malwarebytes' Anti-Malware 1.46

Malwarebytes

 

Database version: 4571

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18943

 

08/09/2010 18:14:08

mbam-log-2010-09-08 (18-14-08).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 275231

Time elapsed: 2 hour(s), 1 minute(s), 18 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 18

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

------------------------------------------------------------------------------------------------------------------------------

 

OTL.txt

 

OTL logfile created on: 08/09/2010 18:18:44 - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Becki\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1,022.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.30 Gb Total Space | 67.05 Gb Free Space | 47.46% Space Free | Partition Type: NTFS

Drive D: | 7.75 Gb Total Space | 5.31 Gb Free Space | 68.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BECKI

Current User Name: Becki

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Becki\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Becki\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)

SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

FF - prefs.js..network.proxy.type: 4

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/08 10:01:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/31 19:53:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/06 13:44:05 | 000,000,000 | ---D | M]

 

[2008/08/31 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\Mozilla\Extensions

[2010/09/08 15:41:34 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\Mozilla\Firefox\Profiles\lg6qn2ro.default\extensions

[2009/09/04 22:04:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Becki\AppData\Roaming\Mozilla\Firefox\Profiles\lg6qn2ro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/02 17:28:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Becki\AppData\Roaming\Mozilla\Firefox\Profiles\lg6qn2ro.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/08/15 08:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/15 08:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/08/25 18:56:11 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/08/25 18:56:12 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/08/25 18:56:12 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/08/25 18:56:12 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Becki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Becki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/08/18 19:59:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^Users^Becki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk - C:\PROGRA~1\BBCIPL~1\BBCIPL~1.EXE - File not found

MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/09/08 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Becki\AppData\Roaming\Malwarebytes

[2010/09/08 16:08:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/08 16:08:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/08 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/08 16:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/08 10:22:54 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010/09/08 10:22:51 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/09/06 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\Becki\AppData\Local\VS Revo Group

[2010/09/06 22:46:42 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys

[2010/09/06 22:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/09/06 17:15:43 | 000,000,000 | ---D | C] -- C:\Temp

[2010/09/06 15:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor

[2010/09/06 15:18:17 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys

[2010/09/06 15:18:16 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys

[2010/09/06 15:18:16 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys

[2010/09/06 15:18:08 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys

[2010/09/06 15:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2010/09/06 15:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2010/09/06 15:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2010/09/06 15:11:09 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys

[2010/09/06 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/09/06 13:40:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/06 13:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/09/06 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/09/06 10:01:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/09/06 10:01:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/09/06 10:01:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/09/06 10:01:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/09/06 10:01:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/09/06 10:01:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/09/06 10:01:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/09/06 10:01:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/09/06 10:01:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/09/06 10:01:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/09/06 10:01:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/09/06 10:01:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/09/06 10:01:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/09/06 10:01:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/09/06 10:01:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/09/06 09:59:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2010/09/06 09:59:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2010/09/06 09:59:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2010/09/06 09:59:30 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2010/09/06 09:59:30 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2010/09/06 09:59:30 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2010/09/06 09:59:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll

[2010/09/06 09:59:29 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2010/09/06 09:59:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2010/09/06 09:59:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2010/09/06 09:59:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2010/09/06 09:59:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010/09/06 09:59:28 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe

[2010/09/06 09:59:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2010/09/06 09:59:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2010/09/06 09:59:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2010/09/06 09:59:27 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/09/06 09:59:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2010/09/06 09:59:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/09/06 09:59:26 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2010/09/06 09:59:25 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/09/06 09:59:25 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe

[2010/09/06 09:59:25 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2010/09/06 09:59:25 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2010/09/06 09:59:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe

[2010/09/06 09:52:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll

[2010/09/06 09:52:53 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll

[2010/09/06 09:52:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2010/09/06 09:52:49 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll

[2010/09/06 09:52:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll

[2010/09/06 09:52:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll

[2010/09/06 09:52:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll

[2010/09/06 09:52:48 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll

[2010/09/06 09:52:48 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll

[2010/09/06 09:52:48 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll

[2010/09/06 09:52:47 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll

[2010/09/06 09:52:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll

[2010/09/06 09:52:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2010/09/06 09:52:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll

[2010/09/06 09:52:47 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll

[2010/09/06 09:52:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll

[2010/09/06 09:52:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll

[2010/09/06 09:52:46 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll

[2010/09/06 09:52:45 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll

[2010/09/06 09:52:45 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2010/09/06 09:52:45 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2010/09/06 09:52:45 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2010/09/06 09:52:44 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2010/09/06 09:52:44 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2010/09/06 09:48:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/09/06 09:48:44 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/09/06 09:48:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2010/09/06 09:48:34 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2010/09/06 09:48:34 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2010/09/06 09:46:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/09/06 09:46:36 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/09/06 09:46:36 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/09/06 09:40:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/09/06 09:40:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll

[2010/09/06 09:37:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/09/06 09:37:50 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/09/06 09:37:43 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/09/06 09:37:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/09/06 09:37:31 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/09/06 09:37:30 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/09/06 09:37:13 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/09/06 09:37:04 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2010/09/06 09:37:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/09/06 09:36:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2010/09/06 09:36:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2010/09/06 09:36:43 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/09/06 09:36:40 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/09/06 09:34:18 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/09/06 09:33:09 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll

[2010/09/06 09:33:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx

[2010/09/06 09:33:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe

[2010/09/06 08:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/06 08:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/08/31 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/08/21 16:23:30 | 000,000,000 | ---D | C] -- C:\PerfLogs

[2010/08/21 15:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/08/15 08:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/08/15 08:36:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/08/15 08:36:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/08/15 08:36:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/08/15 08:36:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/08/14 13:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

 

========== Files - Modified Within 30 Days ==========

 

[2010/09/08 18:26:02 | 003,407,872 | -HS- | M] () -- C:\Users\Becki\ntuser.dat

[2010/09/08 18:15:33 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysqgq.sys

[2010/09/08 17:59:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 17:59:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 16:50:28 | 000,027,335 | ---- | M] () -- C:\Users\Becki\AppData\Roaming\nvModes.001

[2010/09/08 16:08:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/08 16:06:01 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/08 16:06:01 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/08 16:06:01 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/08 16:02:37 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/09/08 16:02:19 | 000,008,988 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010/09/08 15:59:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/08 15:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/08 15:58:53 | 1072,615,424 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/08 15:57:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/09/08 15:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Becki\ntuser.dat{5c0671e5-7d93-11dd-8479-001a6bf34e72}.TMContainer00000000000000000001.regtrans-ms

[2010/09/08 15:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Becki\ntuser.dat{5c0671e5-7d93-11dd-8479-001a6bf34e72}.TM.blf

[2010/09/08 12:04:36 | 001,887,318 | -H-- | M] () -- C:\Users\Becki\AppData\Local\IconCache.db

[2010/09/08 11:43:04 | 000,009,651 | ---- | M] () -- C:\Users\Becki\Documents\Calls and Texts.xlsx

[2010/09/07 10:47:54 | 000,001,388 | ---- | M] () -- C:\Users\Becki\Desktop\WILL-PC.lnk

[2010/09/07 10:02:03 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B8CB6F0-4EA1-45EE-A456-92E6B5ABB9E5}.job

[2010/09/06 23:12:23 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2010/09/06 23:12:23 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2010/09/06 22:46:49 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2010/09/06 15:22:39 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2010/09/06 15:21:49 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk

[2010/09/06 14:08:32 | 000,304,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/09/06 13:55:08 | 000,010,164 | ---- | M] () -- C:\Users\Becki\Documents\McAfee Serial Number.docx

[2010/09/06 13:44:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2010/09/06 13:18:20 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/09/06 13:05:11 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/06 08:51:03 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/31 20:16:11 | 000,027,335 | ---- | M] () -- C:\Users\Becki\AppData\Roaming\nvModes.dat

[2010/08/31 19:53:00 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/31 19:49:44 | 000,001,394 | ---- | M] () -- C:\Users\Becki\Desktop\DivX Movies.lnk

[2010/08/31 19:49:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/08/25 20:00:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2010/08/24 22:53:35 | 000,010,367 | ---- | M] () -- C:\Users\Becki\Documents\Camping Weekend.xlsx

[2010/08/21 16:46:36 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest

[2010/08/21 15:57:10 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll

[2010/08/21 15:56:57 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll

[2010/08/21 15:24:26 | 000,059,904 | ---- | M] () -- C:\Users\Becki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/21 15:21:16 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2010/08/21 15:15:02 | 000,001,597 | ---- | M] () -- C:\Users\Becki\Desktop\Bluetooth File Transfer Wizard.lnk

[2010/08/14 19:30:22 | 003,261,762 | ---- | M] () -- C:\Users\Becki\Documents\System Info.nfo

[2010/08/14 14:16:29 | 003,902,766 | ---- | M] () -- C:\Users\Becki\Documents\HP Guie.pdf

[2010/08/14 14:11:36 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF7394K53_E445841-033_4A_I30DA_SQuanta_V85.26_F.32_T090303_WV3-0_L409_M1023_J160_7AMD_8F81_91.90_#071225_N10DE0450;14E44328_(GQ237EA#ABU)_XMOBILE_CN10_Z.MRK

[2010/08/14 13:55:23 | 000,000,804 | ---- | M] () -- C:\Users\Becki\Desktop\CCleaner.lnk

[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx

[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

 

========== Files Created - No Company Name ==========

 

[2010/09/08 18:15:33 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ysqgq.sys

[2010/09/08 16:08:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/08 11:43:02 | 000,009,651 | ---- | C] () -- C:\Users\Becki\Documents\Calls and Texts.xlsx

[2010/09/07 10:47:54 | 000,001,388 | ---- | C] () -- C:\Users\Becki\Desktop\WILL-PC.lnk

[2010/09/06 22:46:49 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2010/09/06 17:00:23 | 000,008,988 | ---- | C] () -- C:\Windows\System32\Config.MPF

[2010/09/06 15:22:39 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2010/09/06 15:21:49 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk

[2010/09/06 15:17:38 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job

[2010/09/06 15:17:35 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\McQcTask.job

[2010/09/06 13:55:03 | 000,010,164 | ---- | C] () -- C:\Users\Becki\Documents\McAfee Serial Number.docx

[2010/09/06 13:44:07 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2010/09/06 13:18:20 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/09/06 13:02:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/06 10:01:48 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2010/09/06 09:52:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/09/06 09:52:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/09/06 09:52:47 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex

[2010/09/06 09:37:06 | 000,003,374 | ---- | C] () -- C:\Windows\System32\RacUR.xml

[2010/09/06 08:51:03 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/31 19:53:00 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/31 19:49:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/08/25 20:00:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2010/08/24 22:53:32 | 000,010,367 | ---- | C] () -- C:\Users\Becki\Documents\Camping Weekend.xlsx

[2010/08/21 15:23:59 | 000,001,394 | ---- | C] () -- C:\Users\Becki\Desktop\DivX Movies.lnk

[2010/08/21 15:21:16 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2010/08/21 15:15:02 | 000,001,597 | ---- | C] () -- C:\Users\Becki\Desktop\Bluetooth File Transfer Wizard.lnk

[2010/08/14 19:30:13 | 003,261,762 | ---- | C] () -- C:\Users\Becki\Documents\System Info.nfo

[2010/08/14 14:16:24 | 003,902,766 | ---- | C] () -- C:\Users\Becki\Documents\HP Guie.pdf

[2010/08/14 14:11:36 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF7394K53_E445841-033_4A_I30DA_SQuanta_V85.26_F.32_T090303_WV3-0_L409_M1023_J160_7AMD_8F81_91.90_#071225_N10DE0450;14E44328_(GQ237EA#ABU)_XMOBILE_CN10_Z.MRK

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/12/28 16:53:06 | 000,007,237 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2008/01/21 12:18:07 | 000,021,871 | ---- | C] () -- C:\Users\Becki\AppData\Roaming\UserTile.png

[2007/12/26 10:51:38 | 000,027,335 | ---- | C] () -- C:\Users\Becki\AppData\Roaming\nvModes.001

[2007/12/26 10:51:36 | 000,027,335 | ---- | C] () -- C:\Users\Becki\AppData\Roaming\nvModes.dat

[2007/12/25 19:23:08 | 000,059,904 | ---- | C] () -- C:\Users\Becki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/25 12:23:36 | 000,000,680 | ---- | C] () -- C:\Users\Becki\AppData\Local\d3d9caps.dat

[2007/12/25 12:09:30 | 000,000,000 | ---- | C] () -- C:\Users\Becki\AppData\Local\QSwitch.txt

[2007/12/25 12:09:30 | 000,000,000 | ---- | C] () -- C:\Users\Becki\AppData\Local\DSwitch.txt

[2007/12/25 12:09:30 | 000,000,000 | ---- | C] () -- C:\Users\Becki\AppData\Local\AtStart.txt

[2007/08/18 19:52:21 | 000,001,321 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007/03/29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/02/27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/05/07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 

========== LOP Check ==========

 

[2009/11/27 22:02:40 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2008/12/25 22:31:43 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\GARMIN

[2009/06/10 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\LimeWire

[2008/01/21 12:18:06 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\PeerNetworking

[2009/06/10 16:13:13 | 000,000,000 | ---D | M] -- C:\Users\Becki\AppData\Roaming\Research In Motion

[2010/09/06 23:12:23 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2010/09/06 23:12:23 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2010/09/08 15:57:45 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/09/07 10:02:03 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B8CB6F0-4EA1-45EE-A456-92E6B5ABB9E5}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2007/08/18 20:06:20 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys

[2007/08/18 20:06:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys

[2007/08/18 20:06:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/02/13 09:59:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008/02/13 09:59:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008/02/13 09:59:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2008/01/19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2008/01/19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

 

------------------------------------------------------------------------------------------------------------------------------

Posted

Extras.txt

 

 

OTL Extras logfile created on: 08/09/2010 18:18:44 - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Becki\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1,022.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.30 Gb Total Space | 67.05 Gb Free Space | 47.46% Space Free | Partition Type: NTFS

Drive D: | 7.75 Gb Total Space | 5.31 Gb Free Space | 68.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BECKI

Current User Name: Becki

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02B33B60-5BC3-4347-83C1-1D89AC4539A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{04B0274E-7DFB-4770-935F-9E6E7372094B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{06DC3B2D-3C24-481B-B7FC-5CBF87B79316}" = lport=137 | protocol=17 | dir=in | app=system |

"{1A5C9FD3-9FD8-4B7E-829E-F22F737D6370}" = lport=2869 | protocol=6 | dir=in | app=system |

"{256AF1AC-A720-46BD-8708-B07E4F88D7C3}" = lport=10244 | protocol=6 | dir=in | app=system |

"{2CA97E12-D260-47F6-95EA-A087A753ED5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{33B333AC-8ABB-4164-8C36-E7D3B828519D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{38307167-7D1D-4637-BAAC-DE619FD85137}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{394139A9-057D-4398-BCD0-547AC1B60DC4}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{3CD1A8F9-9649-4AE3-A952-806275679A6D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{4C194B1A-98D7-40A4-B4B8-9782DBB35E1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{4F515DB3-F3C2-4B3B-89D1-6A1B6680AF26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{593DDFD2-DB77-4A50-A024-DB5328E11D79}" = rport=139 | protocol=6 | dir=out | app=system |

"{60FB2ACE-14F2-42BD-B097-C7704FAA8906}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{64BA58D5-EBB1-4410-8692-EABC218F8BCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{758503C4-8341-40F5-A398-1CAD3BE2ED3D}" = rport=445 | protocol=6 | dir=out | app=system |

"{7E706499-2F40-440F-B9CA-1C5C80A2EF62}" = rport=137 | protocol=17 | dir=out | app=system |

"{8629DCC6-9A96-4FE9-8B4D-84976293E6FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8CB81E7C-0837-4DF9-8F8D-35111E153DCC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{9D35247D-15BE-43C5-84FD-94389BA47927}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9E47EE8C-1E09-4D19-B70E-ABE3A51E2ECA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A7DBC4AB-F81E-437D-A16D-B6417D2AAF18}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{AAA1DDBC-1416-4D33-A8B3-1843BC005991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B12775B4-7ED4-4952-906F-CF275CD35D8E}" = rport=138 | protocol=17 | dir=out | app=system |

"{B3D67CFD-E15A-4BBF-BD7E-DD8874312DD2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B5119340-3B76-4564-9A09-39B23139D3B8}" = lport=3390 | protocol=6 | dir=in | app=system |

"{C2D5219B-3D86-4CB1-936D-399F8F966D7B}" = rport=10244 | protocol=6 | dir=out | app=system |

"{C33B7D36-E283-411E-9FF0-8866CCB2827C}" = lport=139 | protocol=6 | dir=in | app=system |

"{C3A49EDA-E10B-41EE-99DA-7B8BAFEC9235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C53510F6-5AA3-413D-93ED-B7745557C797}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CABB8E8D-5C75-4E3D-82E9-CD06050CCA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CB842B0F-15D2-461D-BEEE-6C934FAA1445}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D69CC9D5-82DF-4A1C-BF8A-DE8BF307926D}" = lport=138 | protocol=17 | dir=in | app=system |

"{D7AF8924-82DC-4965-9FC9-E87D6B344958}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E0635F78-4750-4D53-81BD-53C76315D4DD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E75218A0-230E-471B-9585-B0F21E878FB2}" = lport=445 | protocol=6 | dir=in | app=system |

"{FD86C274-F465-464C-9275-E9C86C01D356}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06E9FF61-79E9-4B23-8615-6BF39E87B2E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{18B87A82-DB1E-433A-812E-3B63F0664D14}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{1BECF5B2-3A6A-480E-B743-8715865BC13A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2A4C139A-E6F8-4098-9B22-F4D682C9990A}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |

"{3ED02C98-05D5-42EB-A18B-DE239DBA4E77}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3FD74E8E-9A7B-4ECD-8CAC-3CA2832ABDD9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{40973AE6-3AA7-4CFE-8718-4747C04CC111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{41FFC188-FA9F-4E5D-BA7F-1CD3F5A57686}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{489B7160-0D8C-4FC8-8C5F-2E3D38FBD728}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{556A25D0-BDFB-4F3A-856C-E026710DBAB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{629377DC-D7BD-4754-B462-4C4ADF8415E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{64D39CA0-A62B-4593-AB3B-3333655B1EFE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |

"{65F960AD-F650-4905-99E3-6B8E07876FA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{698ECC8F-B149-4AB2-9F48-FC00AE0DC083}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{6C34D256-141E-4D83-BE37-3FD9FE334550}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6C825DBF-8153-4227-A9BE-8E9016BAC6DF}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |

"{6E29F356-D745-481F-A6EC-8B07C70FB376}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{78E0DA89-EEC6-4F51-8F5A-0F9995B11D22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{86B6B116-E31D-4004-B591-7193DDA53F37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{882A3AAE-9D8D-459A-AD0D-0B58CC7CD7B5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{8E1D94D7-DE21-408E-8166-5593497E6C39}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8E6820D7-CD0B-469E-9046-4B618ECAD328}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8ED69574-CE17-4509-AE4D-54C17712DEDF}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |

"{A1BCBF1F-5C8B-4B5A-8F0A-AB1B42A9E37F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A4BC2DD3-8889-4F95-B25C-5BC1A3320540}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A88D3AE4-734B-4DCE-83F4-C9DDA1587FD0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{B393D83C-8667-4D36-95C2-1879F9F01A3B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{B398ECB8-1833-4D51-BE3D-0E53948B3A8D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BDF898C7-3469-4D61-8976-B3130AB9E363}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{C64D8098-35FA-46D4-B315-56ECE6D599CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C9F777AB-6767-4FD9-A14B-536A796AD831}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DD0A2198-5971-4F24-A138-FB75FA6C3D74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E0B153FB-23E6-4DC7-8358-894E87C829DC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{EAC7E041-442C-4729-A272-D01ACA6ED23E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{ECEF5437-3AD7-49BE-A2B2-189634CC56BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F6D0F8B5-9922-4105-8F23-1A9FADF8DC5A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FD23CFF9-CC2E-404A-82FD-0A5699D33121}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"TCP Query User{001766AF-1488-47B8-9881-91D54FC1C4A1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{3E60296F-AAC3-4FF4-B5DA-208BDA07A41C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{4290467F-D8F0-41F1-924D-F6CEA84518BA}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"TCP Query User{CF32E611-314D-4923-894E-4346117BDCF9}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"UDP Query User{6A2A33FA-FAFC-44D9-9EB8-F2EFBCFDD123}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{717B0B30-9D49-4858-89B2-23E6E2C3EA7C}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{E6E89160-A854-4609-8C02-3A9CBAF58397}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"UDP Query User{EFD23686-4ED0-46B5-8795-F5212BA38369}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 21

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056

"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B720A76D-1274-4DBB-AA24-853DDDBEB9E1}" = ESU for Microsoft Vista

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin

"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista

"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7

"CCleaner" = CCleaner

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP

"DivX Setup.divx.com" = DivX Setup

"HitmanPro35" = Hitman Pro 3.5

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MSC" = McAfee SecurityCenter

"NVIDIA Drivers" = NVIDIA Drivers

"SmartAudio" = SmartAudio

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 06/09/2010 17:52:50 | Computer Name = Becki-PC | Source = VSS | ID = 8194

Description =

 

Error - 06/09/2010 18:15:57 | Computer Name = Becki-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 07/09/2010 05:03:29 | Computer Name = Becki-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 07/09/2010 05:43:15 | Computer Name = Becki-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 08/09/2010 07:04:22 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

Error - 08/09/2010 07:04:22 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

Error - 08/09/2010 11:13:10 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

Error - 08/09/2010 11:13:10 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

Error - 08/09/2010 11:15:41 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

Error - 08/09/2010 11:15:41 | Computer Name = Becki | Source = Windows Search Service | ID = 3013

Description =

 

[ Media Center Events ]

Error - 26/05/2008 07:22:25 | Computer Name = Becki-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

 

[ System Events ]

Error - 08/09/2010 10:35:14 | Computer Name = Becki | Source = Service Control Manager | ID = 7009

Description =

 

Error - 08/09/2010 10:36:23 | Computer Name = Becki | Source = Service Control Manager | ID = 7022

Description =

 

Error - 08/09/2010 10:36:23 | Computer Name = Becki | Source = Service Control Manager | ID = 7001

Description =

 

Error - 08/09/2010 10:56:08 | Computer Name = Becki | Source = Service Control Manager | ID = 7031

Description =

 

Error - 08/09/2010 10:59:23 | Computer Name = Becki | Source = HTTP | ID = 15016

Description =

 

Error - 08/09/2010 10:59:23 | Computer Name = Becki | Source = Microsoft-Windows-TaskScheduler | ID = 412

Description =

 

Error - 08/09/2010 11:00:37 | Computer Name = Becki | Source = Service Control Manager | ID = 7000

Description =

 

Error - 08/09/2010 11:00:37 | Computer Name = Becki | Source = Service Control Manager | ID = 7009

Description =

 

Error - 08/09/2010 11:01:28 | Computer Name = Becki | Source = Service Control Manager | ID = 7022

Description =

 

Error - 08/09/2010 11:01:29 | Computer Name = Becki | Source = Service Control Manager | ID = 7001

Description =

 

 

< End of report >

Posted

Hi Jellybeans27,

 

My startup time is now 3-4 mins which still seems quite slow,

I see you only have 1 GB of RAM installed:

 

1,022.00 Mb Total Physical Memory
This is the bare minimum for running Vista.

1.5 GB to 2 GB would make a big difference.

 

Let's clean up a few entries, check out one and then find out if there are any other traces of Vundo left.

 

Step 1

Please remove the following items from Add/Remove Programs.

 

Java™ SE Runtime Environment 6

Java™ 6 Update 5

Old versions of Java which should have been removed when updating.

 

Do not remove:

Java™ 6 Update 21

 

LiveUpdate 3.2 (Symantec Corporation)

Not needed as there are no Symantec/Norton products in your list.

 

Reboot the system when these items have been removed.

 

Step 2

Let's check a file on your system:

 

Please click this link-->Jotti

 

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

 

C:\Windows\System32\drivers\ysqgq.sys

 

Please post back the results of the scan in your next post.

 

If Jotti is busy, try the same at Virustotal: VirusTotal - Free Online Virus, Malware and URL Scanner

 

Step 3

Double click on OTL.exe to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
MsConfig - StartUpFolder: C:^Users^Becki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk - C:\PROGRA~1\BBCIPL~1\BBCIPL~1.EXE - File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Step 4

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example; you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

In your next reply, please submit:

Jotti report

OTL fix report

Combofix.txt

 

 

Thanks.

Member of:

UNITE

Posted

Starbuck,

 

I will indeed upgrade to 2 GB of RAM. I would go higher, but I think this laptop has a max. of 2 GB.

 

 

  • Completed Step 1.

 

 

  • However, for Step 2, I could not find a file named 'ysqgq.sys' in the folder you specified, or anywhere else, so could not do a scan.

 

  • Step 3:

 

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG8_TRAY\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Becki

->Temp folder emptied: 34102 bytes

->Temporary Internet Files folder emptied: 201583 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 34968805 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 595 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Guest

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4096 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 34.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: All Users

 

User: Becki

->Flash cache emptied: 0 bytes

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Guest

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.11.0 log created on 09142010_215812

 

Files\Folders moved on Reboot...

C:\Users\Becki\AppData\Local\Temp\ehmsas.txt moved successfully.

File\Folder C:\Windows\temp\mcmsc_cfMcc7SashjaXAu not found!

File\Folder C:\Windows\temp\mcmsc_UIuUaZKHktqL1pI not found!

File\Folder C:\Windows\temp\sqlite_4bs0gbsJcp1st43 not found!

File\Folder C:\Windows\temp\sqlite_5QQYlQYcpoAehB9 not found!

C:\Windows\temp\sqlite_9hKbwm7PLfgT0M3 moved successfully.

File\Folder C:\Windows\temp\sqlite_aX06bkz6C0IHbwO not found!

File\Folder C:\Windows\temp\sqlite_cklrc5HTMa7pGz3 not found!

C:\Windows\temp\sqlite_NF0IqFtpyoAGUsO moved successfully.

C:\Windows\temp\sqlite_QDBGHDsdacUVRAa moved successfully.

 

Registry entries deleted on Reboot...

 

 

  • Step 4:

 

ComboFix 10-09-14.01 - Becki 14/09/2010 22:17:25.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1022.257 [GMT 1:00]

Running from: c:\users\Becki\Downloads\Combo100.exe

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))

.

 

2010-09-14 21:31 . 2010-09-14 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-12 19:10 . 2010-09-12 19:10 -------- d-----w- c:\program files\Windows Portable Devices

2010-09-12 18:46 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2010-09-12 18:46 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2010-09-12 18:46 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-09-12 18:44 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2010-09-12 18:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2010-09-12 18:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2010-09-12 18:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2010-09-11 10:20 . 2010-09-11 10:22 -------- d-----w- c:\windows\system32\ca-ES

2010-09-11 10:20 . 2010-09-11 10:21 -------- d-----w- c:\windows\system32\eu-ES

2010-09-11 10:20 . 2010-09-11 10:21 -------- d-----w- c:\windows\system32\vi-VN

2010-09-11 08:50 . 2010-09-11 08:50 -------- d-----w- c:\windows\system32\EventProviders

2010-09-11 08:44 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll

2010-09-11 08:43 . 2009-04-11 06:28 107008 ----a-w- c:\windows\system32\regsvc.dll

2010-09-11 08:42 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll

2010-09-11 08:42 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2010-09-11 08:42 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2010-09-11 08:42 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll

2010-09-11 08:42 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll

2010-09-11 08:42 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2010-09-11 08:42 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll

2010-09-11 08:42 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2010-09-11 08:42 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2010-09-11 08:42 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2010-09-11 08:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2010-09-11 07:55 . 2010-09-11 07:55 -------- d-----w- c:\windows\system32\URTTEMP

2010-09-08 19:48 . 2010-09-08 19:48 -------- d-----w- C:\_OTL

2010-09-08 15:09 . 2010-09-08 15:09 -------- d-----w- c:\users\Becki\AppData\Roaming\Malwarebytes

2010-09-08 15:08 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-08 15:08 . 2010-09-08 15:08 -------- d-----w- c:\programdata\Malwarebytes

2010-09-08 15:08 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-08 15:08 . 2010-09-08 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-08 09:22 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-09-06 21:47 . 2010-09-06 21:47 -------- d-----w- c:\users\Becki\AppData\Local\VS Revo Group

2010-09-06 21:46 . 2009-12-30 11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-09-06 21:46 . 2010-09-06 21:46 -------- d-----w- c:\program files\VS Revo Group

2010-09-06 16:15 . 2010-09-06 16:58 -------- d-----w- C:\Temp

2010-09-06 14:22 . 2010-09-06 14:22 -------- d-----w- c:\programdata\SiteAdvisor

2010-09-06 14:18 . 2010-02-17 15:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-09-06 14:18 . 2010-02-17 15:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-09-06 14:18 . 2010-02-17 15:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-09-06 14:18 . 2010-07-15 14:18 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-09-06 14:17 . 2010-09-06 14:18 -------- d-----w- c:\program files\Common Files\McAfee

2010-09-06 14:17 . 2010-09-06 14:17 -------- d-----w- c:\program files\McAfee.com

2010-09-06 14:16 . 2010-09-14 19:45 -------- d-----w- c:\program files\McAfee

2010-09-06 14:11 . 2010-02-17 15:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-09-06 13:54 . 2010-09-06 17:19 -------- d-----w- c:\programdata\McAfee

2010-09-06 12:18 . 2010-09-06 12:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-06 12:02 . 2010-09-06 12:02 -------- d-----w- c:\programdata\Hitman Pro

2010-09-06 12:02 . 2010-09-06 12:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-09-06 08:52 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2010-09-06 08:46 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-09-06 08:46 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-09-06 08:46 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-09-06 08:46 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-09-06 08:46 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-09-06 08:40 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-06 08:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-09-06 08:36 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-09-06 08:36 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-09-06 08:36 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-09-06 07:49 . 2010-09-06 07:49 -------- d-----w- c:\program files\iPod

2010-09-06 07:49 . 2010-09-06 07:50 -------- d-----w- c:\program files\iTunes

2010-08-31 18:52 . 2010-08-31 18:53 -------- d-----w- c:\program files\QuickTime

2010-08-21 15:23 . 2010-08-21 15:23 -------- d-----w- C:\PerfLogs

2010-08-21 14:15 . 2010-08-31 18:49 -------- d-----w- c:\programdata\DivX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-14 21:00 . 2007-09-30 05:12 12 ----a-w- c:\windows\bthservsdp.dat

2010-09-14 20:13 . 2007-08-18 19:23 -------- d-----w- c:\program files\Java

2010-09-14 20:13 . 2007-08-18 19:23 -------- d-----w- c:\program files\Common Files\Java

2010-09-12 19:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-09-12 19:10 . 2010-09-12 19:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2010-09-12 19:09 . 2010-09-12 19:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-09-12 18:34 . 2009-02-10 19:37 -------- d-----w- c:\program files\Microsoft.NET

2010-09-12 17:45 . 2009-05-14 09:08 -------- d-----w- c:\programdata\NVIDIA

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-09-11 10:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-09-11 10:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-09-11 10:15 . 2010-09-11 10:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2010-09-08 17:14 . 2007-08-18 18:34 -------- d-----w- c:\program files\MSN Messenger

2010-09-06 22:03 . 2008-12-28 16:35 -------- d-----w- c:\program files\AVG

2010-09-06 12:43 . 2008-02-06 11:39 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-06 07:49 . 2007-12-25 12:04 -------- d-----w- c:\program files\Common Files\Apple

2010-09-06 07:39 . 2010-09-06 07:39 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-08-31 19:16 . 2007-12-26 09:51 27335 ----a-w- c:\users\Becki\AppData\Roaming\nvModes.dat

2010-08-31 19:02 . 2010-08-21 14:24 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-31 18:49 . 2010-08-31 18:49 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-31 18:49 . 2009-10-16 21:00 -------- d-----w- c:\program files\DivX

2010-08-31 18:49 . 2010-08-31 18:49 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-08-31 18:49 . 2010-08-31 18:49 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-08-31 18:49 . 2010-08-31 18:49 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-08-31 18:48 . 2010-08-31 18:48 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-08-31 18:48 . 2010-08-31 18:48 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-08-31 18:43 . 2010-08-31 18:49 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll

2010-08-31 18:43 . 2010-08-31 18:43 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-31 18:43 . 2010-08-21 14:24 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-08-31 18:43 . 2010-08-21 14:24 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-08-25 19:00 . 2010-08-25 19:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-08-21 14:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2010-08-21 14:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2010-08-21 14:23 . 2009-10-16 21:00 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-08-21 14:23 . 2009-10-16 21:01 -------- d-----w- c:\users\Becki\AppData\Roaming\DivX

2010-08-21 14:21 . 2009-06-10 14:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-08-21 14:21 . 2010-08-21 14:21 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-08-21 14:21 . 2010-08-21 14:21 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-08-21 14:20 . 2010-08-21 14:20 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-08-21 14:20 . 2010-08-21 14:20 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-08-21 14:20 . 2010-08-21 14:20 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-08-21 14:20 . 2010-08-21 14:20 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-08-21 14:20 . 2010-08-21 14:20 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-08-15 07:31 . 2007-08-18 18:39 -------- d-----w- c:\programdata\Microsoft Help

2010-08-14 14:17 . 2007-12-25 10:50 -------- d-----w- c:\users\Becki\AppData\Roaming\Hewlett-Packard

2010-08-14 13:13 . 2007-08-18 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-14 13:13 . 2009-06-11 20:36 -------- d-----w- c:\program files\Electronic Arts

2010-08-14 13:11 . 2010-08-14 13:11 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF7394K53_E445841-033_4A_I30DA_SQuanta_V85.26_F.32_T090303_WV3-0_L409_M1023_J160_7AMD_8F81_91.90_#071225_N10DE0450;14E44328_(GQ237EA#ABU)_XMOBILE_CN10_Z.MRK

2010-08-14 13:09 . 2007-08-18 17:53 -------- d-----w- c:\program files\Hewlett-Packard

2010-08-14 12:58 . 2010-08-14 12:58 -------- d-----w- c:\programdata\LightScribe

2010-08-14 12:55 . 2007-12-25 13:13 -------- d-----w- c:\program files\CCleaner

2010-07-17 04:00 . 2010-08-15 07:36 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-26 06:05 . 2010-09-06 09:01 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-09-06 09:01 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-09-06 09:01 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-09-06 09:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-09-06 08:37 2037760 ----a-w- c:\windows\system32\win32k.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Users^Becki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]

path=c:\users\Becki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2008-09-19 14:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2008-08-26 11:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-02 c:\windows\Tasks\HPCeeScheduleForBecki.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-18 21:23]

 

2010-09-06 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-09-06 11:22]

 

2010-09-06 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-09-06 11:22]

 

2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{8B8CB6F0-4EA1-45EE-A456-92E6B5ABB9E5}.job

- c:\windows\system32\msfeedssync.exe [2010-09-06 04:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Becki\AppData\Roaming\Mozilla\Firefox\Profiles\lg6qn2ro.default\

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-14 22:31

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(5768)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\btmmhook.dll

.

Completion time: 2010-09-14 22:39:18

ComboFix-quarantined-files.txt 2010-09-14 21:39

 

Pre-Run: 85,866,262,528 bytes free

Post-Run: 85,489,692,672 bytes free

 

- - End Of File - - 26B45CFD6135EAEAA7C96F5F22A3D051

Posted

Hi Jellybeans27,

 

I will indeed upgrade to 2GB RAM, I would go higher but I think this laptop has a max. of 2GB.

There's a very easy way to find out:

 

Go to Memory upgrades from Crucial.com - About Crucial:Media Toolbox

 

1. First, agree to the terms and conditions.

2. Click the "download the scanner" button, and choose "Save File" when prompted.

3. Save the file to your desktop, or anywhere you prefer.

4. Navigate to this saved CrucialScan.exe file and open. If you get a security warning, click "Run" to allow the download.

5. It will take several moments while your browser is updated with your scan results.

 

When the report comes up it will tell you how much RAM is installed, how many modules, how many slots are used, how many are available, how much RAM can be installed and what type of memory you can install.

Crucial will also give you a price for any recommended RAM upgrades, but you don't have to accept this.

You are free to use their scanner and then buy your RAM chips from wherever you want.

 

--------------

 

The CF report looks good.

How is the system running now?

Member of:

UNITE

Posted

Hi Jellybeans27,

 

So what do the reports show that I replied with above?
Basically the first reports were showing Adware.MyWebSearch (which is something that is more annoying than it is dangerous)

and traces of Trojan.Vundo.

Most of what was removed using OTL were just orphan entries ( leftovers)

CF is very good at detecting Vundo .... but didn't find anything, which confirms that the main infection had been dealt with by a previous security program, but it had just left a few leftover entries for us to clean off.

I think most of the problems you experience are down to lack of Ram memory and are not due to malware.

Although CF did point out that your Windows Defender isn't up to date..... so you should keep it updated.

 

We could run more scans, but I don't really feel that anything would be found.

Just keep MBAM updated and run a scan about twice a week ( sometimes MBAM can be updated 3 - 4 times in a day)

 

Step 1

  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will remove any programs we have asked you to download along with their associated folders, plus itself.

 

Note:

MBAM will not be removed

 

 

Step 2

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

 

When you uncheck a disk you will be presented with a screen.

You should click on the Turn System Protection Off button.

Click Apply and then OK.

 

Reboot your computer.

 

Now:

Click on Start... Control Panel... System and Maintenance... System

Click on System Protection in the left-hand task list.

Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

Click Apply and then OK.

 

Your System restore will now be active again... starting with a new restore point.

 

To find out how you may have been infected....read this topic:

So how did i get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

    Note*:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

    Only install one AntiVirus program

  • Update your AntiVirus Software regularly

  • Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

    Only install one software Firewall

    Some 3rd party Firewalls will turn off the Windows Firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

    How to turn off Windows Firewall:

    Start ... Control Panel ... click on 'Classic View'.

    Now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against "Off (not recommended)" and then click OK.

  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSpyware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

  • Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

    Also consider adding:

    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

    Opera

    They offer better security, more stability, and better speed.

  • Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet files

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.

    Programs like:

    CCleaner

    TFC by OldTimer

    ATF Cleaner

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE
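The restore-point reset described in Step 2 of the post above, as an added PowerShell example that is not part of the original post or of any tool the thread mentions. It assumes an elevated PowerShell 2.0 or later prompt and that the only disk with System Protection enabled is the system drive C:\ (the `$drives` list is an assumption; put every disk that was ticked under System Protection in it). The reboot the post recommends between turning protection off and back on is not automated here.

```powershell
# Added example (not from the forum post): recreate a clean System Restore baseline.
# Run from an elevated PowerShell prompt (PowerShell 2.0 or later).
# Assumption: the only protected disk is the system drive C:\ ; list every
# disk that was ticked under System Protection here.
$drives = @('C:\')

foreach ($drive in $drives) {
    # Turning protection off discards the existing restore points on that
    # disk, including any that captured files from the infection.
    Disable-ComputerRestore -Drive $drive
    # Turn it back on so new restore points are created again.
    Enable-ComputerRestore -Drive $drive
}

# Create the fresh baseline the post asks for, so the first point the system
# can roll back to is one taken after the clean-up.
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

# Confirm that only the new restore point remains.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours by default, so running the script a second time within that window leaves the earlier point in place without creating another; the Get-ComputerRestorePoint listing at the end is the check that the baseline you expect is actually there.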
