No start up menu or icons

[jamieboy]

Hi, When i turn my computer on i can log in ok,but when it starts up i only have a blank screen with my wallpaper and mouse.I can open task manager using ctrl alt delete,but any attempts to open anything else results in a error message.Any help or advice appreciated.Thanks,Jamie

[guestolo]

Are you still in need of a hand?

can open task manager using ctrl alt delete,but any attempts to open anything else results in a error message

Can you navigate thru Task manager and access any files?
What error message?

[jamieboy]

[quote name=\'guestolo\' post=\'464850\' date=\'Aug 22 2009, 05:54 PM\']Are you still in need of a hand?


Can you navigate thru Task manager and access any files?
What error message?[/quote]

Hi,
   Yes thanks,i still need help.I can navigate through task manager but with limited options.I get different error messages when trying different solutions to resolve the issue.One thing i have noticed is that explorer.exe is missing even in safe mode.

[guestolo]

What operating system do you have installed?
Are you able to do the following

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to your C: folder
Navigate through the task manager to the location of the installer

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
     
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
     
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
     
  
• Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
     
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

[jamieboy]

I have windows xp installed but cannot access the internet.Even when i try to install anything via a memory stick,it either freezes or comes up with a error message.Even when i change the name of the install it still will not let me download.

[guestolo]

Even when i change the name of the install it still will not let me download.

Your USB Mem sticks may be infected
What do you mean you can't download? Are you posting this from another computer?
It could also be infected

[jamieboy]

yes i am using a friends computer,how can i check this is not infected as i have used the usb memory stick on both computers.

[guestolo]

I need to see at least one log from this computer
Do the following please
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.

[jamieboy]

Hi, Tried to run but get the error message "OTL.exe is not a valid win32 application"

[guestolo]

Are you able to run Malwarebytes Antimalware on this computer?
If so, post it's log

[jamieboy]

Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 2

28/08/2009 20:19:46
mbam-log-2009-08-28 (20-19-46).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 172720
Time elapsed: 5 hour(s), 32 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

[guestolo]

That copy of Malwarebytes is way out of date, can you uninstall it from Add and Remove programs
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
     
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
     
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
     
  
• Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
     
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

[jamieboy]

[quote name=\'guestolo\' post=\'465013\' date=\'Aug 29 2009, 03:57 PM\']That copy of Malwarebytes is way out of date, can you uninstall it from Add and Remove programs
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.[/quote]

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 5.1.2600 Service Pack 2

29/08/2009 21:25:42
mbam-log-2009-08-29 (21-25-42).txt

Scan type: Quick Scan
Objects scanned: 121015
Time elapsed: 52 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\bhookpl.dll (Backdoor.Agent) -> Quarantined and deleted successfully.

[guestolo]

On this computer you just ran Malwarebytes
Can you do the following:
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.

[jamieboy]

OTL logfile created on: 30/08/2009 13:03:26 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Documents and Settings\TONY\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
509.98 Mb Total Physical Memory | 297.67 Mb Available Physical Memory | 58.37% Memory free
1.09 Gb Paging File | 0.84 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 640 1152 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 10.05 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARMSTRONGFAMILY
Current User Name: TONY
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2007/09/05 13:09:38 | 00,293,104 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\Fws.exe
PRC - [2005/04/30 16:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2009/03/23 13:46:55 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
PRC - [2007/11/27 13:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/05 13:10:02 | 00,310,000 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\Rps.exe
PRC - [2002/07/23 11:09:48 | 00,477,184 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe
PRC - [2007/08/07 17:49:30 | 02,061,552 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
PRC - [2008/04/16 09:28:11 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/06/21 15:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/06/21 15:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2009/03/09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/08/07 17:49:30 | 00,292,080 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
PRC - [2008/09/29 09:48:56 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
PRC - [2008/04/15 08:46:01 | 00,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
PRC - [2009/08/30 13:02:48 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TONY\Desktop\OTL.exe
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/30 16:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/23 13:46:55 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe -- (CSHelper [Auto | Running])
SRV - [2007/11/27 13:02:46 | 00,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Running])
SRV - [2002/07/17 01:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [On_Demand | Stopped])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/03 23:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/12/19 12:45:16 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/09/29 09:48:56 | 00,099,056 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Running])
SRV - [2007/09/05 13:09:38 | 00,293,104 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2004/08/03 23:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2002/06/29 23:05:00 | 00,654,508 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2007/05/11 02:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007/03/05 05:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007/03/05 04:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007/05/09 00:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007/03/05 04:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007/03/05 04:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2006/11/21 21:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
DRV - [2007/11/26 15:33:52 | 00,835,792 | ---- | M] (Authentium, Inc) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys -- (CSS DVP [Auto | Running])
DRV - [2004/04/06 13:08:06 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA [On_Demand | Stopped])
DRV - [2008/04/25 05:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
DRV - [2004/05/05 12:40:38 | 00,019,584 | ---- | M] (Pinnacle Systems, Inc.) -- C:\WINDOWS\System32\drivers\emAudio.sys -- (emAudio [On_Demand | Stopped])
DRV - [2004/04/06 13:07:58 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA [On_Demand | Stopped])
DRV - [2004/08/03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/11/08 08:53:54 | 00,018,120 | R--- | M] (   ) -- C:\WINDOWS\System32\Drivers\gt680x.sys -- (GT680x [On_Demand | Stopped])
DRV - [2004/03/18 09:52:00 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/03/18 09:52:00 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/03/18 09:51:00 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/02/13 18:27:30 | 00,166,419 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2002/02/13 18:26:54 | 01,171,584 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2005/06/21 16:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2001/10/22 21:46:42 | 00,009,855 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2002/06/17 13:09:56 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2003/09/04 10:38:56 | 00,152,576 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV532AV.SYS -- (PID_0920 [On_Demand | Stopped])
DRV - [2002/08/29 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/09/27 21:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002/08/29 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/04/19 10:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\System32\DRIVERS\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
DRV - [2008/09/29 09:49:09 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT [Auto | Running])
DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2004/04/06 13:07:54 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\emScan.sys -- (ScanUSBEMPIA [On_Demand | Stopped])
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2007/03/05 04:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007/03/05 04:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2001/08/09 18:26:02 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wandrv.sys -- (wandrv [On_Demand | Stopped])
DRV - [2002/02/13 18:20:46 | 00,594,032 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2002/10/25 09:03:22 | 00,091,774 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Stopped])
DRV - [2002/10/25 09:03:30 | 00,071,514 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 13:58:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 15:56:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 15:33:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/06 15:33:01 | 00,000,000 | ---D | M]
 
[2008/09/30 16:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TONY\Application Data\mozilla\Extensions
[2008/09/30 16:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TONY\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 20:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TONY\Application Data\mozilla\Firefox\Profiles\yjv066nl.default\extensions
[2009/07/17 12:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TONY\Application Data\mozilla\Firefox\Profiles\yjv066nl.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/07/30 13:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TONY\Application Data\mozilla\Firefox\Profiles\yjv066nl.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2009/08/29 20:03:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/06 15:33:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/06 10:13:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/17 13:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/14 19:24:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/06 15:32:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/06 15:32:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/15 18:53:03 | 00,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 06:06:56 | 00,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2008/06/18 05:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/06 15:32:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/01/04 15:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 18:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 15:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 09:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 15:51:27 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 04:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 18:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 15:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (Radialpoint Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [-FreedomNeedsReboot] C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe (Virgin Media)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PCguard] C:\Program Files\Virgin Broadband\PCguard\Rps.exe (Virgin Media)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} http://www.midasplayer.com/midasa.cab (GameControl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} http://centrebet.com/external/cust_static/...kerlauncher.cab (CBPLauncher Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/0/5...b?1091609548500 (MSSecurityAdvisor Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/UK/install.cab (Reg Error: Key error.)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {32FA9DC4-8CB0-4849-8A9A-D201F8B21EEE} http://www.totesport.com/casino/totesportlauncher.cab (TSLauncher Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} http://www.couponreport.net/ftp/v3123/csauie1.cab (csauie1 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint.co.uk/TruprintActivia.cab (Snapfish Activia)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.com/download/xclean_micro.exe (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} http://content.ancestry.co.uk/asfiles/file...ll/MFImgVwr.cab (ImageControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.truprint.co.uk/TruprintUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8028.2441666667 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft.com/security/controls/DoomCln.CAB (DoomCln Object)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab (InetDownload Class)
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab (WebHandler Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} http://photos8.msn.co.uk/r/neutral/control....cab?5,0,1730,0 (MSN Photo Upload Tool)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB (MSN Music Mediabar)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Br...018/flashax.cab (FlashXControl Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://upload.mediamax.com/Upload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://flashcasino.ladbrokes.com/instant-p...en/FlashAX2.cab (Flash Casino Helper Object)
O16 - DPF: Aces Up! by pogo http://game3.pogo.com/applet-6.1.0.39/aces...s-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Big Shot Roulette TM by pogo http://roulet.pogo.com/applet-6.1.0.39/rou...e-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game4.pogo.com/applet-6.1.0.39/domi...o-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game1.pogo.com/applet-6.1.0.39/soli...2-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Perfect Pair Solitaire by pogo http://waterwheel.pogo.com/applet-6.1.0.39...l-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game4.pogo.com/applet-6.1.0.39/worl...s-ob-assets.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/22 01:11:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5c14b637-713c-11de-93d6-00402b45bb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{5c14b637-713c-11de-93d6-00402b45bb5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c14b637-713c-11de-93d6-00402b45bb5d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{65ab4b9a-67cd-11de-93c9-00402b45bb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{65ab4b9a-67cd-11de-93c9-00402b45bb5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{65ab4b9a-67cd-11de-93c9-00402b45bb5d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8d9ac297-7224-11de-93d8-00402b45bb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{8d9ac297-7224-11de-93d8-00402b45bb5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d9ac297-7224-11de-93d8-00402b45bb5d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d48f5e0a-8b3d-11de-93f0-00402b45bb5d}\Shell\AutoRun\command - "" = F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe -- File not found
O33 - MountPoints2\{d48f5e0a-8b3d-11de-93f0-00402b45bb5d}\Shell\open\command - "" = F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[23 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/08/30 13:02:46 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TONY\Desktop\OTL.exe
[2009/08/29 20:27:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 20:27:29 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/29 20:27:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/29 20:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/29 20:25:16 | 03,942,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\TONY\Desktop\mbam-setup(2).exe
[2009/08/29 17:29:24 | 20,971,5201 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part2.rar
[2009/08/29 11:49:20 | 20,971,5201 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part3.rar
[2009/08/29 10:53:46 | 87,658,174 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part4.rar
[2009/08/25 21:29:25 | 73,607,5776 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\2nd Coming  MATRICZ.avi
[2009/08/25 14:08:39 | 73,402,5728 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\nedivx-danceflick.avi
[2009/08/25 11:22:28 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ladbrokes Casino.lnk
[2009/08/25 11:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/08/25 11:18:29 | 00,461,168 | ---- | C] (Microgaming) -- C:\Documents and Settings\TONY\Desktop\Setup_LadbrokesCasino.exe
[2009/08/22 15:42:26 | 73,351,3728 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\p-app-cd1.avi
[2009/08/22 14:08:34 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/21 18:38:56 | 73,447,2192 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\p-app-cd2.avi
[2009/08/21 15:52:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/21 15:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/21 15:51:06 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/21 15:48:27 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/21 15:48:27 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/21 15:48:26 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/21 15:48:26 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/21 15:48:26 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/21 15:48:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/21 15:48:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/21 15:48:20 | 00,000,000 | ---D | C] -- C:\de156bbfa17f4a5f22ca2fc1dcf7b4
[2009/08/21 15:46:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/21 15:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/08/20 15:41:20 | 72,920,8832 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\dmd-310yuma-cd2.avi
[2009/08/20 15:31:22 | 73,356,2880 | ---- | C] () -- C:\Documents and Settings\TONY\Desktop\dmd-310yuma-cd1.avi
[2009/08/13 20:29:02 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 20:27:49 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/08/05 09:11:47 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/02 13:39:58 | 00,000,000 | --SD | C] -- C:\Documents and Settings\TONY\Desktop\Samotny Wilk
[2009/06/24 17:48:06 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/05/22 11:19:25 | 00,336,896 | ---- | C] () -- C:\WINDOWS\System32\ammppg.dll
[2008/05/22 11:19:25 | 00,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2008/05/22 11:19:25 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/05/22 11:19:25 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\a1.dll
[2008/05/22 11:19:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\amrdec.dll
[2008/05/22 11:19:24 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll
[2007/11/12 16:07:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/11/02 12:02:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/11/02 09:27:35 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/25 08:31:19 | 00,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2007/04/18 12:01:06 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/02/20 13:07:56 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/10/20 18:23:50 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwcu.ini
[2006/10/20 18:18:29 | 00,000,827 | ---- | C] () -- C:\WINDOWS\CafeUK.ini
[2006/07/28 10:55:18 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/03 22:19:46 | 00,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/07/03 22:19:46 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/07/03 22:19:46 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/10/30 17:15:03 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crwlk.ini
[2005/10/30 17:14:56 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\jabbercom.dll
[2005/10/30 17:14:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\LFM.ini
[2005/10/30 17:13:51 | 00,001,078 | ---- | C] () -- C:\WINDOWS\LinerUK.ini
[2005/09/23 15:47:25 | 00,000,070 | ---- | C] () -- C:\WINDOWS\FA2974B4.ini
[2005/09/14 15:01:07 | 00,002,202 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/07/26 18:54:23 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/14 18:29:20 | 00,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/04/27 12:40:30 | 00,002,572 | ---- | C] () -- C:\WINDOWS\WINDVDBOOTRECDOE.sys
[2005/01/19 10:18:33 | 00,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/01/10 14:04:11 | 00,015,387 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/12/04 19:15:13 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/12/04 19:15:13 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/09/21 11:56:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/08/02 13:19:01 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2004/08/02 13:13:35 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2004/08/02 13:13:35 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2004/08/02 13:13:35 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2004/08/02 13:13:35 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2004/08/02 13:13:35 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2004/08/02 13:10:54 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/02 13:10:53 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/02 13:10:53 | 01,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/27 21:51:46 | 00,000,017 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004/07/27 21:50:05 | 00,000,488 | ---- | C] () -- C:\WINDOWS\GeishaBingo.ini
[2004/03/12 18:18:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/02/15 12:35:51 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/12/23 11:15:29 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003/11/15 20:22:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2003/11/15 14:13:00 | 00,002,040 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/07/27 12:12:47 | 00,018,120 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2003/07/22 16:26:45 | 00,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/03/22 07:53:32 | 00,001,490 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/22 07:53:14 | 00,000,607 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/22 07:53:11 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/22 02:16:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/22 02:13:17 | 00,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/03/22 01:32:41 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/03/22 01:32:41 | 00,000,491 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/03/22 01:26:19 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/03/22 01:25:48 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[1999/08/10 17:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 17:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[23 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/08/30 13:02:48 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TONY\Desktop\OTL.exe
[2009/08/30 12:48:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/30 12:47:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/30 12:46:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/30 12:46:54 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 20:27:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 20:25:39 | 03,942,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\TONY\Desktop\mbam-setup(2).exe
[2009/08/29 18:39:09 | 20,971,5201 | ---- | M] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part2.rar
[2009/08/29 12:35:12 | 20,971,5201 | ---- | M] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part3.rar
[2009/08/29 11:05:31 | 87,658,174 | ---- | M] () -- C:\Documents and Settings\TONY\Desktop\wiz-stash.part4.rar
[2009/08/27 08:06:30 | 00,441,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/27 08:06:30 | 00,071,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/27 08:06:27 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/26 15:51:28 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 15:51:26 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\TONY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 17:20:57 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/25 13:44:11 | 00,031,096 | ---- | M] () -- C:\Documents and Settings\TONY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/25 11:22:29 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ladbrokes Casino.lnk
[2009/08/25 11:18:30 | 00,461,168 | ---- | M] (Microgaming) -- C:\Documents and Settings\TONY\Desktop\Setup_LadbrokesCasino.exe
[2009/08/24 23:33:08 | 73,402,5728 | ---- | M] () -- C:\Documents and Settings\TONY\Desktop\nedivx-danceflick.avi
[2009/08/22 15:12:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/21 16:24:23 | 00,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/05 09:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 09:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

[jamieboy]

OTL Extras logfile created on: 30/08/2009 13:03:26 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Documents and Settings\TONY\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
509.98 Mb Total Physical Memory | 297.67 Mb Available Physical Memory | 58.37% Memory free
1.09 Gb Paging File | 0.84 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 640 1152 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 10.05 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARMSTRONGFAMILY
Current User Name: TONY
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3511:UDP" = 3511:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"3510:UDP" = 3510:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Anfield Alerts\anfieldalerts.exe" = C:\Program Files\Anfield Alerts\anfieldalerts.exe -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\TONY\Local Settings\Temp\CRY79F1.tmp\install.exe" = C:\Documents and Settings\TONY\Local Settings\Temp\CRY79F1.tmp\install.exe:*:Enabled:setup wizard -- File not found
"C:\Program Files\Anfield Alerts\anfieldalerts.exe" = C:\Program Files\Anfield Alerts\anfieldalerts.exe -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\tvants\Tvants.exe" = C:\Program Files\tvants\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\TONY\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\TONY\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Program Files\Zattoo\Zattoo.exe" = C:\Program Files\Zattoo\Zattoo.exe:*:Enabled:  -- File not found
"C:\Casino\Twosixes.com\casino.exe" = C:\Casino\Twosixes.com\casino.exe:*:Enabled:casino -- File not found
"C:\Casino\bwin Casino\casino.exe" = C:\Casino\bwin Casino\casino.exe:*:Enabled:casino -- File not found
"C:\Casino\Paddy Power Casino\casino.exe" = C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino -- File not found
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam
"{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}" = RPS AntiVirus
"{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}" = Virgin Broadband PCguard
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 13
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7
"{324D4909-7A7B-45CD-B199-E975DC108249}" = RPS PopupBlocker
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A836186-46F8-4388-9830-820E35C02992}" = RPS Diagnostic Utility
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3AFF4279-A590-4010-8C8A-3B096A220CFC}" = RPS Zip
"{3C441434-737C-4D54-8EAB-B409BE54E734}" = RPS App Detector
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43D092A7-D91E-45D1-A3F0-4060B9CA5E4F}" = HP Photosmart Cameras 4.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{53C32728-D434-4143-9C9D-D73D68D00893}" = RPS ParentalControl
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5C820C4F-ACEE-4C26-BFE5-1FF4CB0D20E5}" = SVCD2DVD 2.5
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}" = RPS Security Cleanup
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}" = RPS Ad Blocker
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9810C3D4-4799-42AB-BCF8-48D93A6C5E15}" = PCTV USB2
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E6894B0-51DE-424E-BCDE-2ABADC5651A1}" = PS7400
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A542D695-16D3-4F89-A6F1-091F009B8ABA}" = RPS Burn
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}" = RPS RpsCore
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}" = RPS Backup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MSN Music Mediabar
"{C70EF769-8296-4ED0-966F-D624BC6D4927}" = Authentium AntiVirus SDK - 2
"{C831972C-3834-4D9D-A095-8350B324AC3C}" = RPS AntiFraud
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}" = RPS AsRealtime
"{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}" = RPS Performance Tool
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}" = RPS Firewall
"{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}" = RPS AntiSpyware
"{F17F7703-1E72-40C1-A0DD-E5B365661033}" = Nero 7 Essentials
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}" = RPS Privacy Manager
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Abiword" = Abiword (remove only)
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"AudibleManager" = AudibleManager
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"Connection Manager" =
"Coupon Printer2.0" = Coupon Printer
"Crush'Em 2.0" = Crush'Em 2.0
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EPSON Printer and Utilities" = EPSON Printer Software
"FLV Player" = FLV Player 2.0, build 24
"Fontcore" =
"Foxit Reader" = Foxit Reader
"GenoPro" = GenoPro
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.0
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Ladbrokesviper" = Ladbrokes Casino
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoderSE" = MediaCoderSE 0.5.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Player 2.0" =
"MobileOptionPack" =
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 5.50
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator
"OutlookExpress" =
"Packard Bell Diamond 1200Plus v1.0" = Packard Bell Diamond 1200Plus v1.0
"PCFriendly" = PCFriendly
"PCHealth" =
"PhotoRecord" =
"Puzzl'Em1.0Beta2" = Puzzl'Em 1.0 Beta2
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.14
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SchedulingAgent" =
"Shockwave" = Shockwave
"SopCast" = SopCast 3.0.3
"SopCore" = SopCore 1.0.1
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SystemRequirementsLab" = System Requirements Lab
"Tvants 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 13/04/2009 08:03:33 | Computer Name = ARMSTRONGFAMILY | Source = MsiInstaller | ID = 11500
Description = Product: SVCD2DVD 2.5 -- Error 1500. Another installation is in progress.
 You must complete that installation before continuing this one.
 
Error - 14/04/2009 13:11:32 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application nerostartsmart.exe, version 3.2.2.0, faulting
 module mfc71.dll, version 7.10.3077.0, fault address 0x000347b8.
 
Error - 18/04/2009 17:15:16 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
 version 0.0.0.0, fault address 0x000058ac.
 
Error - 24/04/2009 17:17:00 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
 version 0.0.0.0, fault address 0x000058ac.
 
Error - 02/06/2009 10:37:19 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
 version 0.0.0.0, fault address 0x000058ac.
 
Error - 11/06/2009 07:48:37 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
 version 0.0.0.0, fault address 0x0000592c.
 
Error - 23/06/2009 08:43:46 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
 
Error - 15/07/2009 10:57:28 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
 version 0.0.0.0, fault address 0x000058f3.
 
Error - 18/08/2009 07:46:01 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application abiword.exe, version 0.0.0.0, faulting module
 abiword.exe, version 0.0.0.0, fault address 0x00103269.
 
Error - 25/08/2009 09:57:13 | Computer Name = ARMSTRONGFAMILY | Source = Application Error | ID = 1000
Description = Faulting application casinogame.exe, version 16.0.0.3104, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
[ System Events ]
Error - 30/08/2009 08:47:02 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference
 error message: The referenced assembly is not installed on your system.  .
 
Error - 30/08/2009 08:47:02 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
 error message: The operation completed successfully.  .
 
Error - 30/08/2009 08:47:19 | Computer Name = ARMSTRONGFAMILY | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
   %%1079
 
Error - 30/08/2009 08:47:20 | Computer Name = ARMSTRONGFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   IntelIde  SASKUTIL
 
Error - 30/08/2009 08:48:36 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
 Error was The referenced assembly is not installed on your system.  
 
Error - 30/08/2009 08:48:36 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference
 error message: The referenced assembly is not installed on your system.  .
 
Error - 30/08/2009 08:48:36 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
 error message: The operation completed successfully.  .
 
Error - 30/08/2009 08:48:37 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
 Error was The referenced assembly is not installed on your system.  
 
Error - 30/08/2009 08:48:37 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference
 error message: The referenced assembly is not installed on your system.  .
 
Error - 30/08/2009 08:48:37 | Computer Name = ARMSTRONGFAMILY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
 error message: The operation completed successfully.  .
 
 
< End of report >

[guestolo]

Let's finish dealing with this computer, then we'll get back to the one that won't startup with taskbar/icons

One more scanner please
Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color]
[color=\"#0000FF\"]Link 2[/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

[jamieboy]

ComboFix 09-08-30.01 - TONY 30/08/2009 19:33.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.44.1033.18.510.188 [GMT 0:00]
Running from: c:\documents and settings\TONY\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1645522239-616249376-1801674531-1003
c:\recycler\S-1-5-21-2286133478-4061408910-1782281043-1003
c:\recycler\S-1-5-21-2663425790-2513651952-527665643-1003
c:\recycler\S-1-5-21-3052558007-2587601237-3204678038-1003
c:\recycler\S-1-5-21-3360376872-3171618-694743999-1003
c:\recycler\S-1-5-21-3629361120-2161768091-4284080124-1003
c:\recycler\S-1-5-21-579328389-3818186387-353775699-1003
c:\recycler\S-1-5-21-768468522-4059537020-3727132638-1003
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\dlhelper.dll
c:\windows\Installer\29a0de3.msi
c:\windows\Installer\29a0de4.msp
c:\windows\system32\ammppg.dll

.
(((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-30  )))))))))))))))))))))))))))))))
.

2009-08-29 20:27 . 2009-08-03 13:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 20:27 . 2009-08-29 20:27    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-29 20:27 . 2009-08-03 13:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-25 13:56 . 2009-08-25 13:56    73811    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_mhblackjack.031a97dbfc22ce8c3c008e321e750432.dll
2009-08-25 13:48 . 2009-08-25 13:48    421888    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.65f8dee3181dee3bfc68ab23c9f2782b.dll
2009-08-25 13:48 . 2009-08-25 13:48    225280    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll
2009-08-25 11:50 . 2009-08-25 11:50    618496    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll
2009-08-25 11:49 . 2009-08-25 11:49    213264    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2.9d7f0f3cf78a68d28fc5a3e77fdc77da.dll
2009-08-25 11:49 . 2009-08-25 11:49    307472    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-08-25 11:49 . 2009-08-25 11:49    221456    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_temp.5a22e38498bf34a124cc458bf6408ad3.dll
2009-08-25 11:49 . 2009-08-25 11:49    602112    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_flightzone.d149c5c0a243e45a82d87b40855052ab.dll
2009-08-25 11:49 . 2009-08-25 11:49    606208    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_summerholiday.b02744e18c4cdb3dd3394f69d8987073.dll
2009-08-25 11:48 . 2009-08-25 11:48    499984    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-08-25 11:48 . 2009-08-25 11:48    1032192    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_flightzone.4d281f29a7152da50722695b99821fe6.dll
2009-08-25 11:48 . 2009-08-25 11:48    213264    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-08-25 11:47 . 2009-08-25 11:47    508176    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-08-25 11:47 . 2009-08-25 11:47    323856    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-08-25 11:47 . 2009-08-25 11:47    367747    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2009-08-25 11:46 . 2009-08-25 11:46    524560    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-08-25 11:46 . 2009-08-25 11:46    327784    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-08-25 11:45 . 2009-08-25 11:45    303204    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-08-25 11:43 . 2009-08-25 11:43    262416    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2009-08-25 11:43 . 2009-08-25 11:43    909584    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2009-08-25 11:43 . 2009-08-25 11:43    1216512    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_flightzone.a761e5b6d3a2ea66d5501258ee2ed22b.dll
2009-08-25 11:42 . 2009-08-25 11:42    663824    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.53bb68e70e798b2ecdf8b9f3b7384e99.dll
2009-08-25 11:42 . 2009-08-25 11:42    1249399    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-08-25 11:41 . 2009-08-25 11:41    655360    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll
2009-08-25 11:41 . 2009-08-25 11:41    672016    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.20587ea0b10b8a6428639d5dfe4fb9c2.dll
2009-08-25 11:40 . 2009-08-25 11:40    266512    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2009-08-25 11:40 . 2009-08-25 11:40    1032192    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_wealthspa.2cac89b1bff8f25a6a8d3748201af558.dll
2009-08-25 11:40 . 2009-08-25 11:40    643344    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp2.42ac279a5f1c55ac224683685ec4fc49.dll
2009-08-25 11:37 . 2009-08-25 11:37    1904753    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-08-25 11:37 . 2009-08-25 11:37    829840    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2009-08-25 11:37 . 2009-08-25 11:37    122880    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\x\xmlparserplugin_mt.7619c07631f1fc927d66a473e3f53a46.dll
2009-08-25 11:36 . 2009-08-25 11:36    1224704    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_summerholiday.ca5125cc93020b208c8104895ffd4a80.dll
2009-08-25 11:36 . 2009-08-25 11:36    254224    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2009-08-25 11:36 . 2009-08-25 11:36    1474560    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2009-08-25 11:35 . 2009-08-25 11:35    823568    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2009-08-25 11:35 . 2009-08-25 11:35    1638400    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2009-08-25 11:34 . 2009-08-25 11:34    823568    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2009-08-25 11:34 . 2009-08-25 11:34    679936    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll
2009-08-25 11:34 . 2009-08-25 11:34    944033    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvslotxxx.e5675e7198cee47ae84db3a4020d9441.dll
2009-08-25 11:34 . 2009-08-25 11:34    1626112    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2009-08-25 11:34 . 2009-08-25 11:34    581904    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\l\levelbonus.f133a53ea3279bce1fc3bc7aa9ad6839.dll
2009-08-25 11:33 . 2009-08-25 11:33    311398    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-08-25 11:31 . 2009-08-25 11:31    412685    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseries_roulette.1edb0f45625215829abaaca345d96e06.dll
2009-08-25 11:31 . 2009-08-25 11:31    233472    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.5a2f52359fe99e4484435bbaf8f92b30.dll
2009-08-25 11:31 . 2009-08-25 11:31    225280    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9e04124b2f25d98a562d14260b995f0c.dll
2009-08-25 11:31 . 2009-08-25 11:31    126976    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
2009-08-25 11:31 . 2009-08-25 11:31    589824    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.30ebac308b430f373d22851023dddb58.dll
2009-08-25 11:31 . 2009-08-25 11:31    512000    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.098a7b3de069b4b076bd8c2cc92131be.dll
2009-08-25 11:31 . 2009-08-25 11:31    147456    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.cae96e5e68740973929725d2ac549cc0.dll
2009-08-25 11:31 . 2009-08-25 11:31    233472    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.67546387f1af1fe46f021dbce8a072f4.dll
2009-08-25 11:31 . 2009-08-25 11:31    413696    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
2009-08-25 11:31 . 2009-08-25 11:31    225280    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
2009-08-25 11:23 . 2009-08-25 11:23    417792    ----a-w-    c:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.e2df50a5930ba5d46a68f5564d204ba0.dll
2009-08-25 11:21 . 2009-08-25 11:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microgaming
2009-08-21 15:52 . 2009-08-21 15:52    --------    d-----w-    c:\windows\system32\XPSViewer
2009-08-21 15:51 . 2009-08-21 15:51    --------    d-----w-    c:\program files\MSBuild
2009-08-21 15:51 . 2009-08-21 15:51    --------    d-----w-    c:\program files\Reference Assemblies
2009-08-21 15:48 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 15:48 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
2009-08-21 15:48 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 15:48 . 2008-07-06 12:06    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2009-08-21 15:48 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 15:48 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 15:48 . 2008-07-06 12:06    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2009-08-21 15:48 . 2009-08-21 15:50    --------    d-----w-    C:\de156bbfa17f4a5f22ca2fc1dcf7b4
2009-08-21 15:46 . 2009-08-21 16:24    --------    d-----w-    c:\windows\SxsCaPendDel
2009-08-21 15:13 . 2009-08-21 15:13    --------    d-----w-    c:\program files\MSXML 6.0
2009-08-13 20:27 . 2009-06-05 07:42    655872    -c----w-    c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:11 . 2009-08-05 09:11    204800    -c----w-    c:\windows\system32\dllcache\mswebdvd.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 14:00 . 2009-07-03 12:35    --------    d-----w-    c:\documents and settings\TONY\Application Data\U3
2009-08-25 13:44 . 2003-09-09 20:50    31096    -c--a-w-    c:\documents and settings\TONY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 19:48 . 2007-06-26 12:16    --------    d-----w-    c:\program files\FinePixViewer
2009-08-05 09:11 . 2003-03-22 02:28    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2003-03-22 07:52    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-05-23 15:00    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-08 09:11 . 2004-07-01 10:51    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2009-06-29 16:12 . 2004-02-06 17:05    827392    ----a-w-    c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 19:14    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2003-03-22 07:52    17408    ----a-w-    c:\windows\system32\corpol.dll
2009-06-24 17:48 . 2009-06-24 17:48    31    ---ha-w-    c:\windows\UKCpInfo.sys
2009-06-16 14:55 . 2003-03-22 07:53    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2003-03-22 07:52    82432    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2003-03-22 07:53    76288    ----a-w-    c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2003-03-22 07:52    84992    ----a-w-    c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2008-07-17 10:35    132096    ----a-w-    c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2003-03-22 01:05    655872    ----a-w-    c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-02 13:10    1290752    ----a-w-    c:\windows\system32\quartz.dll
.
--a------ 27/06/2007 14:34 823808 c:\windows\system32\oldwn.tmp
--a------ 03/08/2004 23:56 82944 c:\windows\system32\oldws.tmp
--a------ 27/06/2007 14:34 823808 c:\windows\system32\winrc.tmp
--a------ 03/08/2004 23:56 82944 c:\windows\system32\wsrec.tmp


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-23 477184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=c:\windows\pss\Exif Launcher 2.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\TONY\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3511:UDP"= 3511:UDP:Windows Media Format SDK (firefox.exe)
"3510:UDP"= 3510:UDP:Windows Media Format SDK (firefox.exe)

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [23/03/2009 13:46 266240]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [10/01/2005 14:04 152576]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [22/03/2003 07:52 5120]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0}
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/applet-6.1.0.39/aces/aces-ob-assets.cab
DPF: Big Shot Roulette TM by pogo - hxxp://roulet.pogo.com/applet-6.1.0.39/roulette/roulette-ob-assets.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game4.pogo.com/applet-6.1.0.39/domino/domino-ob-assets.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.1.0.39/solitaire2/solitaire2-ob-assets.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://waterwheel.pogo.com/applet-6.1.0.39/waterwheel/waterwheel-ob-assets.cab
DPF: World Class Solitaire by pogo - hxxp://game4.pogo.com/applet-6.1.0.39/worldclass/worldclass-ob-assets.cab
DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} - hxxp://www.midasplayer.com/midasa.cab
DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} - hxxp://centrebet.com/external/cust_static/activex/centrebetpokerlauncher.cab
DPF: {32FA9DC4-8CB0-4849-8A9A-D201F8B21EEE} - hxxp://www.totesport.com/casino/totesportlauncher.cab
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://flashcasino.ladbrokes.com/instant-play-en/FlashAX2.cab
FF - ProfilePath - c:\documents and settings\TONY\Application Data\Mozilla\Firefox\Profiles\yjv066nl.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,84,14,95,30,86,
   e0,54,7a,e2,63,26,f1,3f,c8,ff,68,58,b7,cb,c9,3e,7c,08,5b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a6,7d,11,a2,23,
   26,92,4e,6a,9c,d6,61,af,45,84,18,11,e8,49,35,a5,0a,5d,4b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,58,34,55,54,eb,
   50,d0,91,ff,7c,85,e0,43,d4,0e,fe,53,02,e2,58,a4,3b,80,b4,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9a,fc,b5,3e,be,
   88,77,39,86,8c,21,01,be,91,eb,e7,ee,6c,f9,76,bc,67,8d,5e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ac,ce,14,9f,4e,
   8d,6b,ce,f5,1d,4d,73,a8,13,5c,05,83,a1,47,03,5e,49,17,04,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d8,41,d5,75,78,
   e7,62,23,df,20,58,62,78,6b,cf,c8,17,9e,db,46,94,e8,fe,2e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,37,ba,70,bd,3c,
   7b,ea,78,fb,a7,78,e6,12,2f,9a,ea,3f,63,76,37,43,98,a1,80,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,cb,86,cf,c5,b3,
   b0,31,89,01,3a,48,fc,e8,04,4a,f1,07,bc,de,39,91,41,7f,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,90,2c,4c,ca,67,
   75,35,24,f6,0f,4e,58,98,5b,89,c9,78,53,4e,2f,cf,36,10,a6,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fe,8a,17,e2,52,
   72,42,c6,3d,ce,ea,26,2d,45,aa,78,54,76,2b,0e,4a,cb,29,7d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,55,ff,40,7c,ea,
   0c,21,da,2a,b7,cc,b5,b9,7f,41,e7,30,58,8b,91,15,c0,7e,36,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,12,04,0d,a5,55,
   84,ae,60,6c,43,2d,1e,aa,22,2f,9c,a4,4f,78,ce,c1,68,b6,c8,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Virgin Broadband\PCguard\rpsupdaterR.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-30 20:07 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-30 20:07

Pre-Run: 14,210,625,536 bytes free
Post-Run: 14,834,909,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

313    --- E O F ---    2009-08-26 15:10

[guestolo]

Can you do the following, the computer that will not startup with no taskbar and Icons
Can you use this computer to
Follow the instructions to download, burn, and run the Dr.Web Live CD on the other computer
http://www.freedrweb.com/livecd/
Click on Download Live Cd at the bottom of the page
Click the Folder icon that represents the Latest Available modified date
As eg..The latest as of now is 20090830042001    30/08/2009    12:20:00 AM
Save it to desktop and burn the Image file with your burning program to disk

In addition: On this computer that we ran ComboFix, it's looking good, just a possibility of legit infected files
Can you do one last scanner
Again, temporarily disable your AntiVirus and Antispyware realtime protections
Please use the Internet Explorer and run a ESET Online Scanner from [color=\"#0000FF\"]Here[/color][/url]
 [color=\"red\"]IMPORTANT:[/color] Administrator privileges are required to run ESET Online Scanner!

• Please click the green ESET Online Scanner button.
  
• Please check YES, I accept the Terms of Use and click Start
  
• You will need to allow an Active X install for the scan to run.

[color=\"#006400\"]OPTION 1[/color]

• Leave the scanning options at default and click Start
  [color=\"#006400\"]OPTION 2[/color]
  
• Please check Scan archives and click Start
  

[color=\"#000080\"]Eset will now download virus signature database and start to scan your computer.[/color]
Please post the results in your next reply.

[color=\"red\"]Note![/color] Please check Uninstall application on close if you want to remove ESET Online Scanner from your computer and click the Finish button.

We'll finish up with this computer after you post the results of the Eset scan
If you can try and run the Dr. Web Live CD on the computer with no taskbar/icons as soon as possible, let's see if we can get anything else to run on it
Edit>>Before you start the computer with the LiveCD, can you insert your USB thumbdrive that may be infected, Dr.Web should autodetect it when you boot with it's CD
Have it also scan that usb thumbdrive, it should be selected by default

[jamieboy]

used the ESET Online Scanner but it produced no log, though it did find 2 threats.
   the other computer would not let me run anything either from disc or usb. the only access is through task manager.