Solved Google redirect and unremovable viruses


warren90

Hi,

Tried various different antivirus programs, all of which either don't install or identify problems but are unable to remove them. Infections include worm.win32.koobface.as and worm.win32.ramnit. I am also redirected to websites such as licosearch and hugosearch when using Google. Any help would be much appreciated.
 

Attachment: hijackthis.log (10.1 KB)
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for your response, here are the first 3 logs:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6046

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

13/03/2011 23:17:40
mbam-log-2011-03-13 (23-17-40).txt

Scan type: Quick scan
Objects scanned: 197061
Time elapsed: 18 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-13 23:50:37
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800VE-75HDT1 rev.11.07D11
Running: t87s0e8h.exe; Driver: C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\uftdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA4CD026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA4CCE91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA5168DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael Lunn at 23:57:53.03 on 13/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.192 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\taskmgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
uSearch Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
uSearch Bar = hxxp://search.autocompletepro.com/?si=10205&bi=400
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\jtlgjjrk\radstjxx.exe
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\michael lunn\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [OxigenClientAdmin] "c:\program files\oxigen\bin\Oxigen.exe"
mRun: [OxigenTrayIcon] c:\program files\oxigen\bin\OxiTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [jfokoeyc] c:\windows\temp\ndkgcffky\pdjinkluerb.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\8ihyvxt4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
FF - prefs.js: browser.search.selectedEngine - ACPro
FF - component: c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\michael lunn\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virgin media\hub\nprpspa.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-7 239168]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-9 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-9 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-9 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-9 42184]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-10-14 668912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-5-12 241731]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-7 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2011-03-12 23:30:50 -------- d-----w- c:\program files\AutocompletePro
2011-03-12 23:24:58 -------- d-----w- c:\program files\GustoSoft
2011-03-12 23:13:01 -------- d-----w- c:\windows\FLV Player
2011-03-09 19:32:16 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 19:30:55 40648 ----a-w- c:\windows\avastSS.scr
2011-03-09 19:30:33 -------- d-----w- c:\program files\AVAST Software
2011-03-09 19:30:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-09 16:56:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-03-09 15:34:08 -------- d-----w- c:\program files\Trend Micro
2011-03-08 13:23:54 -------- d-----w- c:\program files\Zone Labs
2011-03-08 12:59:07 -------- d-----w- c:\windows\Internet Logs
2011-03-08 11:51:42 -------- d-----w- c:\program files\jtlgjjrk
2011-03-07 23:34:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-07 23:34:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-07 16:21:42 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 16:21:42 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 16:20:46 -------- d-----w- c:\program files\common files\PC Tools
2011-03-07 16:20:45 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 16:18:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-07 15:03:50 616 ---ha-w- C:\aaw7boot.cmd
2011-03-07 13:56:31 5943120 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\updates\mpengine.dll
2011-03-06 20:25:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-05 21:46:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegInOut
2011-03-05 21:46:23 -------- d-----w- c:\windows\RegInOut System Utilities
2011-03-05 21:46:01 -------- d-----w- c:\program files\RegInOut
2011-03-01 17:03:02 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Spotify
2011-03-01 17:03:02 -------- d-----w- c:\docume~1\michae~1\applic~1\Spotify
2011-03-01 17:02:43 -------- d-----w- c:\program files\Spotify
.
==================== Find3M ====================
.
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:59:32.78 ===============
 
The fourth is too long for one post. This is the first half:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 03/12/2005 21:54:45
System Uptime: 13/03/2011 23:37:19 (0 hours ago)
.
Motherboard: Dell Inc. | | 0WF351
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 795/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 31.967 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1212: 09/03/2011 16:17:04 - System Checkpoint
RP1213: 09/03/2011 17:34:09 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1214: 09/03/2011 17:35:57 - Removed J2SE Runtime Environment 5.0 Update 10
RP1215: 09/03/2011 17:49:26 - Removed Adobe Reader 7.0.9
RP1216: 09/03/2011 18:42:31 - Installed Adobe Reader X (10.0.1).
RP1217: 09/03/2011 19:30:33 - avast! Free Antivirus Setup
RP1218: 10/03/2011 19:36:08 - System Checkpoint
RP1219: 11/03/2011 20:45:38 - System Checkpoint
RP1220: 12/03/2011 19:31:17 - Software Distribution Service 3.0
RP1221: 13/03/2011 14:02:52 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
944plc32
AAC Decoder
Ace DivX Player v2.1
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ARTEuro
AutocompletePro
Autograph 3.20 (30-day)
AutoUpdate
avast! Free Antivirus
Bonjour
Broadcom Management Programs 2
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (remove only)
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 944
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DMX Update
FLV Player
FLV Player 1.3.3
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iPIX ActiveX Viewer
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 22
Learn2 Player (Uninstall Only)
LimeWire 5.1.2
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft AutoRoute 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
MKV Splitter
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.15)
mPfMgr
mPfWiz
mProSafe
MSN
MSN Search Toolbar
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mToolkit
mWlsSafe
mXML
MyWay Search Assistant
mZConfig
NetWaiting
Oxigen Client v5.00.0000
PerfectDisk
PHOTOfunSTUDIO -viewer-
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
RegInOut System Utilities
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shockwave
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SopCast 1.0.1
Spotify
Spybot - Search & Destroy
Startup Delayer v2.5 (build 138)
Tiscali Internet
TOSHIBA Bluetooth Stack for Apache by CSR
TVAnts 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Virgin Media HUB 3.5.12
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
Wanadoo Europe Installer
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
WinRAR archiver
Works Upgrade
Xvid 1.1.3 final uninstall
Z-Plot Premium 1.0
.
 
And the second half:

==== Event Viewer Messages From Past Week ========
.
13/03/2011 22:49:40, error: Service Control Manager [7034] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:40, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:40, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:40, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:37, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:37, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:37, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:37, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/03/2011 22:49:36, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 22:49:36, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 20:26:28, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
13/03/2011 14:11:39, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Microsoft Office Outlook 2003 (KB2449798).
13/03/2011 14:05:46, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2344875).
13/03/2011 14:05:38, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2345043).
13/03/2011 14:05:33, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974).
13/03/2011 14:05:18, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2003 (KB2289163).
12/03/2011 19:57:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 (KB2449798).
12/03/2011 19:57:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2007 System (KB2289158).
12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft Office 2003 (KB2289163).
12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974).
12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB2345043).
12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB2344875).
12/03/2011 19:38:36, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for the 2007 Microsoft Office System (KB2284654).
12/03/2011 19:30:46, error: Service Control Manager [7022] - The PDEngine service hung on starting.
12/03/2011 19:30:46, error: Service Control Manager [7001] - The PDScheduler service depends on the PDEngine service which failed to start because of the following error: After starting, the service hung in a start-pending state.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wmplayer.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wmpband.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wabimp.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wab32.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file vgx.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file triedit.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file setup_wm.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msoe.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msjro.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadox.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadomd.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadco.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file mpvis.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file directdb.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 21:39:15, information: Windows File Protection [64004] - The protected system file npdsplay.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
09/03/2011 18:02:02, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
09/03/2011 17:35:03, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file wab32res.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file sqlxmlx.dll could not be restored to its original, valid version. The file version of the bad file is 2000.85.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msxactps.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msdaurl.dll could not be restored to its original, valid version. The file version of the bad file is 9.2.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msdatt.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdasc.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaps.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaosp.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaorar.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaora.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaer.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaenum.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdadc.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdfmap.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaremr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdarem.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaprst.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaprsr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadrh15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msador15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msader15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msaddsr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadds.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcs.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcor.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcfr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcf.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:01, information: Windows File Protection [64004] - The protected system file spttseng.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
09/03/2011 17:32:01, information: Windows File Protection [64004] - The protected system file spcommon.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file wisc10.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file mssoapr.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file mssoap1.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
09/03/2011 17:30:41, information: Windows File Protection [64004] - The protected system file fp4autl.dll could not be restored to its original, valid version. The file version of the bad file is 4.0.2.7523 The specific error code is 0xfffffdda.
09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file spcplui.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file sapisvr.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file sapi.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
09/03/2011 17:29:19, information: Windows File Protection [64004] - The protected system file msinfo32.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.0 The specific error code is 0xfffffdda.
09/03/2011 17:28:27, information: Windows File Protection [64004] - The protected system file dao360.dll could not be restored to its original, valid version. The file version of the bad file is 3.60.9512.0 The specific error code is 0xfffffdda.
09/03/2011 16:28:28, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.4. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
09/03/2011 15:28:17, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The system cannot find the file specified.
09/03/2011 15:28:17, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
09/03/2011 14:42:00, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
08/03/2011 11:50:44, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
08/03/2011 11:21:47, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
08/03/2011 00:10:03, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
08/03/2011 00:06:10, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
07/03/2011 23:58:42, information: Windows File Protection [64004] - The protected system file wordpad.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.3355 The specific error code is 0xfffffdda.
07/03/2011 23:58:17, information: Windows File Protection [64004] - The protected system file moviemk.exe could not be restored to its original, valid version. The file version of the bad file is 2.1.4027.0 The specific error code is 0xfffffdda.
07/03/2011 23:57:50, information: Windows File Protection [64004] - The protected system file iedw.exe could not be restored to its original, valid version. The file version of the bad file is 7.0.5730.11 The specific error code is 0xfffffdda.
07/03/2011 23:57:50, information: Windows File Protection [64004] - The protected system file hmmapi.dll could not be restored to its original, valid version. The file version of the bad file is 8.0.6001.18702 The specific error code is 0xfffffdda.
07/03/2011 23:15:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
07/03/2011 23:15:10, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 23:15:10, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
07/03/2011 23:14:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
07/03/2011 23:14:11, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 23:12:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
07/03/2011 23:12:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SPService service to connect.
07/03/2011 23:12:41, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 21:48:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
07/03/2011 21:48:49, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 21:48:49, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wabmig.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wabfind.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wab.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file setup50.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oemiglib.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oemig50.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oeimport.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file msoeres.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file msimn.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file wb32.exe could not be restored to its original, valid version. The file version of the bad file is 4.4.0.3400 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file rrcm.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmwb.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmoldwb.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmft.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmcom.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmchat.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmasnt.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmas.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nac.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file mst123.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file mst120.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file h323cc.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file dcap32.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file confmrsl.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file conf.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file cb32.exe could not be restored to its original, valid version. The file version of the bad file is 4.4.0.3400 The specific error code is 0xfffffdda.
07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file callcont.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zonelibm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zoneclim.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file znetm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zeeverm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.629.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zcorem.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zclientm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file uniansi.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvlzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvlres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvl.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file rvsezm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file rvseres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file rvse.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file hrtzzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file hrtzres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file hrtz.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file cmnresm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file cmnclim.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.629.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file chkrzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file chkrres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file chkr.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file bckgzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:23, information: Windows File Protection [64004] - The protected system file bckgres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:04:21, information: Windows File Protection [64004] - The protected system file bckg.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2res2.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2res.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2fxb.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2fxa.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2filt.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2ext.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2eres.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2ae.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
07/03/2011 19:36:32, information: Windows File Protection [64004] - The protected system file iexplore.exe could not be restored to its original, valid version. The file version of the bad file is 8.0.6001.18702 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file trialoc.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file isignup.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file inetwiz.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwutil.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwtutor.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwrmind.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwres.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwhelp.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwdl.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn2.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn1.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
07/03/2011 16:55:59, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
07/03/2011 16:33:02, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 16:33:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
07/03/2011 15:46:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
07/03/2011 15:46:09, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2011 15:03:36, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
07/03/2011 14:32:56, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
07/03/2011 14:29:45, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 172.48.70.102 to a request from a client. The data is the error code.
07/03/2011 13:29:35, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
07/03/2011 13:29:34, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll" on line 0.
06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file wmpns.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file pinball.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file htrn_jis.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.0 The specific error code is 0xfffffdda.
06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file dialer.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file npwmsdrm.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file npdrmv2.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file mplayer2.exe could not be restored to its original, valid version. The file version of the bad file is 6.4.9.1125 The specific error code is 0xfffffdda.
06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file migrate.exe could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file custsat.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.2600.2180 The specific error code is 0xfffffdda.
06/03/2011 22:59:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 150):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF8972000 \WINDOWS\system32\KDCOM.DLL
0xF8882000 \WINDOWS\system32\BOOTVID.dll
0xF8343000 ACPI.sys
0xF8974000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8332000 pci.sys
0xF8472000 isapnp.sys
0xF8312000 fltMgr.sys
0xF8886000 compbatt.sys
0xF888A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A3A000 pciide.sys
0xF86F2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8976000 intelide.sys
0xF82F4000 pcmcia.sys
0xF8482000 MountMgr.sys
0xF82D5000 ftdisk.sys
0xF86FA000 PartMgr.sys
0xF8492000 VolSnap.sys
0xF82BD000 atapi.sys
0xF84A2000 disk.sys
0xF84B2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82AB000 sr.sys
0xF826E000 PCTCore.sys
0xF8258000 drvmcdb.sys
0xF84C2000 PxHelp20.sys
0xF8241000 KSecDD.sys
0xF84D2000 Defrag32b.sys
0xF81B4000 Ntfs.sys
0xF8187000 NDIS.sys
0xF84E2000 ohci1394.sys
0xF84F2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF816C000 Mup.sys
0xF8512000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8622000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8133000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7460000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF744C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8712000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7429000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF871A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8662000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7418000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7108000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF70C5000 \SystemRoot\system32\drivers\STAC97.sys
0xF70A1000 \SystemRoot\system32\drivers\portcls.sys
0xF8672000 \SystemRoot\system32\drivers\drmk.sys
0xF707E000 \SystemRoot\system32\drivers\ks.sys
0xF704D000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6F4E000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6EA6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8722000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8682000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6E8C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF872A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8732000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8692000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF873A000 \SystemRoot\system32\drivers\Afc.sys
0xF8742000 \SystemRoot\system32\drivers\pfc.sys
0xF89C0000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF86D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF86A2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF86B2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF86C2000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xF6E4F000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF8A95000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF86E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8123000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E38000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7A5A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF874A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6E27000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7A3A000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8752000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF875A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7A2A000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF89C2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6DCE000 \SystemRoot\system32\DRIVERS\update.sys
0xF811B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8762000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xF7A0A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79EA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF89F4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF89F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8A8E000 \SystemRoot\System32\Drivers\Null.SYS
0xF89F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF878A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF8792000 \SystemRoot\System32\drivers\vga.sys
0xF89FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF879A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF87A2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF892E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF79DA000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA6EC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA6C4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF87AA000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAA6A2000 \SystemRoot\System32\drivers\afd.sys
0xF79CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA5D7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA568000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8532000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA4F8000 \SystemRoot\System32\Drivers\aswSP.SYS
0xAA49A000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF896E000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF87C2000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF8572000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA45A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8986000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xF8592000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF85A2000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA540000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8832000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8A44000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA54C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAA632000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8B15000 \SystemRoot\system32\dla\tfsndres.sys
0xAA304000 \SystemRoot\system32\dla\tfsnifs.sys
0xF889E000 \SystemRoot\system32\dla\tfsnopio.sys
0xF89F2000 \SystemRoot\system32\dla\tfsnpool.sys
0xF887A000 \SystemRoot\system32\dla\tfsnboio.sys
0xAA622000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8B1F000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA2EB000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA2D2000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA31A000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA48E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA2AA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA0B3000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA992F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA991A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9E33000 \SystemRoot\system32\drivers\sysaudio.sys
0xF89B8000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA95C5000 \SystemRoot\system32\DRIVERS\srv.sys
0xA970C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA96B4000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA91C1000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
996 csrss.exe
1020 C:\WINDOWS\system32\winlogon.exe
1064 C:\WINDOWS\system32\services.exe
1076 C:\WINDOWS\system32\lsass.exe
1232 C:\WINDOWS\system32\svchost.exe
1328 svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1444 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1500 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1524 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1604 svchost.exe
1692 svchost.exe
212 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
828 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1596 C:\WINDOWS\explorer.exe
1776 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
736 C:\WINDOWS\system32\hkcmd.exe
748 C:\WINDOWS\system32\igfxpers.exe
756 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
764 C:\Program Files\Dell\QuickSet\quickset.exe
776 C:\WINDOWS\system32\dla\tfswctrl.exe
792 C:\Program Files\Oxigen\bin\Oxigen.exe
800 C:\Program Files\Oxigen\bin\OxiTray.exe
788 C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
852 C:\Program Files\AVAST Software\Avast\AvastUI.exe
864 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
884 C:\WINDOWS\system32\igfxsrvc.exe
928 C:\WINDOWS\system32\ctfmon.exe
420 C:\Program Files\Digital Line Detect\DLG.exe
640 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
712 C:\Program Files\Dell Support Center\gs_agent\dsc.exe
2136 svchost.exe
2544 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
2896 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2920 C:\Program Files\Bonjour\mDNSResponder.exe
2936 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
2968 C:\WINDOWS\system32\cisvc.exe
3292 C:\Program Files\Java\jre6\bin\jqs.exe
3388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2632 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
2720 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2956 C:\Program Files\Virgin Media\HUB\ServicepointService.exe
3040 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
3596 wmiprvse.exe
3456 C:\WINDOWS\system32\wuauclt.exe
3076 wmiprvse.exe
1628 alg.exe
1848 C:\WINDOWS\system32\svchost.exe
2424 C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
2252 C:\WINDOWS\system32\taskmgr.exe
940 C:\WINDOWS\system32\mshta.exe
1872 C:\WINDOWS\system32\wscntfy.exe
2204 C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix 11-03-13.01 - Michael Lunn 14/03/2011 11:33:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.210 [GMT 0:00]
Running from: c:\documents and settings\Michael Lunn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\TVAnts\UNWISE.EXE
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-12 23:24 . 2011-03-12 23:24 -------- d-----w- c:\program files\GustoSoft
2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\program files\FLV Player
2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\windows\FLV Player
2011-03-09 19:32 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 19:32 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-09 19:32 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-09 19:32 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-09 19:32 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 19:32 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-09 19:32 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-09 19:32 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-09 19:30 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-09 19:30 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\program files\AVAST Software
2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-09 16:56 . 2011-03-09 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-03-09 15:34 . 2011-03-09 15:34 -------- d-----w- c:\program files\Trend Micro
2011-03-08 13:23 . 2011-03-08 13:23 -------- d-----w- c:\program files\Zone Labs
2011-03-08 12:59 . 2011-03-08 13:23 -------- d-----w- c:\windows\Internet Logs
2011-03-08 11:51 . 2011-03-09 22:57 -------- d-----w- c:\program files\jtlgjjrk
2011-03-07 23:34 . 2011-03-08 11:50 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-07 23:34 . 2011-03-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-03-07 16:21 . 2010-12-10 16:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 16:21 . 2010-12-10 13:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 16:18 . 2011-03-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-07 15:03 . 2011-03-07 15:05 616 ---ha-w- C:\aaw7boot.cmd
2011-03-07 13:56 . 2011-02-23 09:35 5943120 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-03-06 20:25 . 2011-03-06 20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut
2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\windows\RegInOut System Utilities
2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\program files\RegInOut
2011-03-05 19:24 . 2011-03-05 19:55 -------- d-----w- c:\documents and settings\Administrator
2011-03-01 17:03 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Spotify
2011-03-01 17:03 . 2011-03-02 16:47 -------- d-----w- c:\documents and settings\Michael Lunn\Application Data\Spotify
2011-03-01 17:02 . 2011-03-01 17:02 -------- d-----w- c:\program files\Spotify
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2009-10-04 15:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 18:09 . 2009-06-18 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-06-18 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-17 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2011-03-07 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2011-03-07 684032]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-24 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 11:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 18:32 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-13 19:02 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17140:TCP"= 17140:TCP:spport
"22557:TCP"= 22557:TCP:spport
"20686:TCP"= 20686:TCP:spport
"25278:TCP"= 25278:TCP:spport
"16053:TCP"= 16053:TCP:spport
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/03/2011 16:21 239168]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/03/2011 19:32 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/03/2011 19:32 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2011 19:32 19544]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [14/10/2010 14:13 668912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2011 18:03 136176]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12/05/2005 12:43 241731]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/03/2011 23:34 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
.
2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-03-05 c:\windows\Tasks\RegInOut Scheduled Scan - Michael Lunn.job
- c:\program files\RegInOut\RegInOut.exe [2011-02-07 21:24]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
FF - prefs.js: browser.search.selectedEngine - ACPro
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-WinDefend
MSConfigStartUp-Apoint - c:\program files\Apoint\Apoint.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE
AddRemove-InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-Money2005b - c:\program files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
AddRemove-TVAnts 1.0 - c:\progra~1\TVAnts\UNWISE.EXE
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Windows Media Player - c:\program files\Windows Media Player\Setup_wm.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-Works2005Setup - c:\program files\Microsoft Works Suite 2005\Setup\Launcher.exe
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 11:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-14 11:57:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 11:57
.
Pre-Run: 34,198,654,976 bytes free
Post-Run: 34,166,603,776 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 42DD8F4A400D017C0ACB54F8165C03F2
 
Uninstall RegInOut System Utilities.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=======================================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe

Folder::
c:\program files\jtlgjjrk


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-03-13.01 - Michael Lunn 15/03/2011 20:15:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.219 [GMT 0:00]
Running from: c:\documents and settings\Michael Lunn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael Lunn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\jtlgjjrk
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-03-12 23:24 . 2011-03-12 23:24 -------- d-----w- c:\program files\GustoSoft
2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\program files\FLV Player
2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\windows\FLV Player
2011-03-09 19:32 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-09 19:32 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-09 19:32 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-09 19:32 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-09 19:32 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 19:32 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-09 19:32 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-09 19:32 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-09 19:30 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-09 19:30 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\program files\AVAST Software
2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-09 16:56 . 2011-03-09 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-03-09 15:34 . 2011-03-09 15:34 -------- d-----w- c:\program files\Trend Micro
2011-03-08 13:23 . 2011-03-08 13:23 -------- d-----w- c:\program files\Zone Labs
2011-03-08 12:59 . 2011-03-08 13:23 -------- d-----w- c:\windows\Internet Logs
2011-03-07 23:34 . 2011-03-08 11:50 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-07 23:34 . 2011-03-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-03-07 16:21 . 2010-12-10 16:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 16:21 . 2010-12-10 13:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 16:18 . 2011-03-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-07 15:03 . 2011-03-07 15:05 616 ---ha-w- C:\aaw7boot.cmd
2011-03-07 13:56 . 2011-02-23 09:35 5943120 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-03-06 20:25 . 2011-03-06 20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut
2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\windows\RegInOut System Utilities
2011-03-05 19:24 . 2011-03-05 19:55 -------- d-----w- c:\documents and settings\Administrator
2011-03-01 17:03 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Spotify
2011-03-01 17:03 . 2011-03-02 16:47 -------- d-----w- c:\documents and settings\Michael Lunn\Application Data\Spotify
2011-03-01 17:02 . 2011-03-01 17:02 -------- d-----w- c:\program files\Spotify
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2009-10-04 15:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 18:09 . 2009-06-18 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-06-18 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-17 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2011-03-07 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2011-03-07 684032]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-24 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 11:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 18:32 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-13 19:02 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17140:TCP"= 17140:TCP:spport
"22557:TCP"= 22557:TCP:spport
"20686:TCP"= 20686:TCP:spport
"25278:TCP"= 25278:TCP:spport
"16053:TCP"= 16053:TCP:spport
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/03/2011 16:21 239168]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/03/2011 19:32 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/03/2011 19:32 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2011 19:32 19544]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [14/10/2010 14:13 668912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2011 18:03 136176]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12/05/2005 12:43 241731]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/03/2011 23:34 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
.
2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-03-15 c:\windows\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ACPro
FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 20:28
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-15 20:33:34
ComboFix-quarantined-files.txt 2011-03-15 20:33
ComboFix2.txt 2011-03-14 11:57
.
Pre-Run: 33,604,444,160 bytes free
Post-Run: 33,589,784,576 bytes free
.
- - End Of File - - 0997783177E5DAD30DFE2633E9ADA9A0
 
How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Google is no longer redirecting and the computer seems to be behaving normally.

First part of OTL.txt:

OTL logfile created on: 15/03/2011 22:20:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Lunn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 255.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 31.17 Gb Free Space | 44.04% Space Free | Partition Type: NTFS

Computer Name: DAYNE2 | User Name: Michael Lunn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
PRC - [2011/03/07 15:04:11 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2011/03/07 15:04:02 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2011/03/07 15:03:50 | 000,450,560 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2011/03/07 15:03:44 | 000,253,952 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/03/07 15:03:33 | 000,479,232 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/12/14 10:25:56 | 004,277,488 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
PRC - [2009/12/14 10:25:56 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
PRC - [2008/08/13 18:32:46 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/23 02:04:52 | 000,557,536 | ---- | M] () -- C:\Program Files\Oxigen\bin\OxiTray.exe
PRC - [2007/06/23 02:01:36 | 000,887,264 | ---- | M] () -- C:\Program Files\Oxigen\bin\Oxigen.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
MOD - [2011/03/07 15:03:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/05/12 12:43:28 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2005/05/12 12:42:40 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2011/03/08 11:50:38 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/03 10:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/12 09:47:14 | 000,061,544 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/08 01:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/24 18:36:38 | 000,097,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2004/12/21 11:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/15 17:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/15 22:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/10/04 10:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/07/08 17:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/09/20 07:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/10/16 13:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10205&bi=400
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.autocompletepro.com/?si=10205&bi=400
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "ACPro"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.autocompletepro.com?si=10205"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}:4.7.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://search.autocompletepro.com?si=10205&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/13 19:03:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/09 19:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/09 18:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/09 18:44:57 | 000,000,000 | ---D | M]

[2008/09/01 12:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Extensions
[2011/03/14 17:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions
[2011/03/07 23:54:03 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/30 16:26:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/24 09:55:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/01 15:24:43 | 000,000,000 | ---D | M] (Googlebar Lite) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
[2011/02/01 15:24:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/12 23:31:40 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad.com
[2009/10/22 19:38:09 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\searchplugins\google-scholar.xml
[2011/03/09 18:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/06 17:49:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/09 19:30:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/06/13 18:58:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/12 23:31:40 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
[2011/03/09 18:33:15 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/09 18:33:15 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/09 18:33:15 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/09 18:33:15 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/14 11:49:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe ()
O4 - HKLM..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe ()
O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*
O37 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 22:15:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
[2011/03/14 11:31:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/14 11:27:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/14 11:27:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/14 11:27:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/14 11:27:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/14 11:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/14 11:27:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/13 17:40:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Lunn\Recent
[2011/03/12 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ace DivX Player
[2011/03/12 23:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\GustoSoft
[2011/03/12 23:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Start Menu\Programs\FLV Player
[2011/03/12 23:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2011/03/12 23:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2011/03/09 19:32:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/09 19:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/09 19:32:21 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/09 19:32:18 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/09 19:32:17 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/09 19:32:16 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/09 19:32:14 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/09 19:32:14 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/09 19:32:12 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/09 19:30:55 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/09 19:30:54 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/09 19:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/09 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/09 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/03/09 16:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/03/09 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/03/09 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/09 15:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/03/08 13:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/03/08 12:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/03/07 23:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/03/07 20:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/07 16:21:42 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/03/07 16:21:42 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/03/07 16:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/07 16:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/07 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/06 20:25:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/05 22:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner Free
[2011/03/05 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2011/03/05 21:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegInOut System Utilities
[2011/03/01 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\Spotify
[2011/03/01 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Application Data\Spotify
[2011/03/01 17:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/15 22:22:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
[2011/03/15 22:21:03 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
[2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
[2011/03/15 22:08:06 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/15 20:42:08 | 000,000,548 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/03/15 20:39:06 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/15 20:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 20:38:34 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/15 16:21:15 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
[2011/03/14 11:49:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/14 11:31:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/14 11:25:41 | 004,286,521 | R--- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
[2011/03/14 11:20:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
[2011/03/13 23:52:38 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
[2011/03/13 23:45:43 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
[2011/03/12 23:25:04 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Ace DivX Player.lnk
[2011/03/12 23:13:02 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\FLV Player.lnk
[2011/03/12 20:25:11 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Google Chrome.lnk
[2011/03/12 20:25:11 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/11 16:53:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/09 19:32:25 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/09 19:32:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/09 19:12:18 | 000,001,270 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_191215.reg
[2011/03/09 18:45:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/09 18:11:51 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_181138.reg
[2011/03/09 14:12:12 | 000,007,910 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_141130.reg
[2011/03/09 14:10:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/08 11:50:38 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/08 11:48:34 | 000,000,920 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/03/07 20:35:20 | 000,430,877 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110307-215251.backup
[2011/03/07 20:32:07 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spybot - Search & Destroy.lnk
[2011/03/07 16:22:20 | 001,114,596 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/07 16:04:19 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
[2011/03/07 15:05:07 | 000,000,616 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/03/07 12:58:26 | 000,000,425 | ---- | M] () -- C:\WINDOWS\tot.ord
[2011/03/06 20:25:10 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/05 23:01:39 | 000,430,877 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110307-203520.backup
[2011/03/05 20:53:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 20:39:42 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\fix.reg
[2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
[2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1850343178
[2011/03/05 18:00:14 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1745090371
[2011/03/05 18:00:13 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
[2011/03/05 17:43:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/03 23:52:36 | 000,005,726 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\wklnhst.dat
[2011/03/01 17:02:47 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spotify.lnk
[2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 15:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 14:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]
 
2nd part:


========== Files Created - No Company Name ==========

[2011/03/14 11:31:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/14 11:31:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/14 11:27:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/14 11:27:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/14 11:27:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/14 11:27:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/14 11:27:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/14 11:25:44 | 004,286,521 | R--- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
[2011/03/14 11:20:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
[2011/03/13 23:52:48 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
[2011/03/13 23:45:42 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
[2011/03/12 23:25:04 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Ace DivX Player.lnk
[2011/03/12 23:13:02 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\FLV Player.lnk
[2011/03/09 19:32:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/09 19:12:16 | 000,001,270 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_191215.reg
[2011/03/09 18:45:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/09 18:44:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/09 18:11:45 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_181138.reg
[2011/03/09 18:03:31 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 18:03:30 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 14:11:35 | 000,007,910 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_141130.reg
[2011/03/09 14:10:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/07 23:54:03 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/03/07 23:34:40 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/07 20:32:07 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spybot - Search & Destroy.lnk
[2011/03/07 16:21:53 | 001,114,596 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/07 16:18:48 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
[2011/03/07 15:03:50 | 000,000,616 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/03/05 21:07:26 | 527,892,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/05 20:39:42 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\fix.reg
[2011/03/05 17:57:57 | 000,016,594 | -HS- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
[2011/03/05 17:56:45 | 000,016,594 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1745090371
[2011/03/05 17:56:45 | 000,012,692 | -HS- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
[2011/03/05 17:54:41 | 000,018,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178
[2011/03/05 17:54:41 | 000,012,692 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1850343178
[2011/03/01 17:02:47 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spotify.lnk
[2011/03/01 17:02:45 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Start Menu\Programs\Spotify.lnk
[2011/02/21 19:04:20 | 000,000,425 | ---- | C] () -- C:\WINDOWS\tot.ord
[2010/11/16 14:10:05 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Application Data\install
[2010/05/16 21:28:21 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\fusioncache.dat
[2010/02/14 19:16:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\prvlcl.dat
[2009/09/17 18:04:27 | 000,061,348 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 18:31:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/16 17:02:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/28 15:25:12 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/28 15:25:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/14 17:25:18 | 000,005,726 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Application Data\wklnhst.dat
[2007/08/01 10:42:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/08/01 10:42:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/08/01 10:42:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/08/01 10:42:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/08/01 10:42:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/01 10:42:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/08/01 10:42:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/08/01 10:42:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/08/01 10:42:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/08/01 10:42:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/08/01 10:42:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/08/01 10:42:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/08/01 10:42:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/08/01 10:42:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/08/01 10:42:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/08/01 10:42:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/08/01 10:42:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/08/01 10:42:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/08/01 10:42:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/03/20 18:27:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/02/09 18:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/08/30 14:39:34 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/08/30 14:19:24 | 000,126,704 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006/03/17 18:46:13 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/24 22:03:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/24 21:56:56 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/11/24 21:56:55 | 000,005,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/24 21:55:53 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/24 21:51:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/24 21:47:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/24 21:45:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/11/24 21:21:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/24 21:21:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/24 21:20:40 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 17:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2005/05/12 08:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,445,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/09 22:43:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== LOP Check ==========

[2011/03/09 19:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/06 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/29 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/07/13 22:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/03/07 23:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/11/20 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/03/09 14:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/03/03 17:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/10/14 14:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/03/05 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2011/03/09 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/02/28 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/08/04 22:13:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2011/03/07 17:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/09 17:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/14 14:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2009/07/13 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/04/10 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine Lunn\Application Data\MSN Search Toolbar
[2007/12/15 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Daog
[2010/12/06 16:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\FireShot
[2006/08/30 12:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\MSN Search Toolbar
[2011/03/02 16:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Spotify
[2011/02/08 22:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Vexel
[2010/10/14 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Virgin Media
[2011/03/05 21:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Wexi
[2011/03/05 17:43:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/03/15 22:22:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/07 15:05:07 | 000,000,616 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/06/14 18:08:09 | 000,016,124 | ---- | M] () -- C:\aaw7boot.log
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/14 15:59:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/14 11:31:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/03/15 20:33:35 | 000,015,844 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/24 21:26:26 | 000,005,017 | RH-- | M] () -- C:\dell.sdr
[2011/03/15 20:38:34 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/26 19:44:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/11/24 21:48:37 | 000,000,884 | -H-- | M] () -- C:\IPH.PH
[2010/06/15 19:24:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/11/24 21:42:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/15 20:38:32 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2009/03/24 17:06:57 | 000,001,584 | ---- | M] () -- C:\Rescued document.txt
[2010/06/07 17:41:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/06/09 18:14:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/06/10 00:43:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/10 17:52:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/02/21 16:23:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/03/12 14:29:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/03/14 21:21:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/03 19:42:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/03 23:09:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/18 17:56:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/03 20:30:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 18:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/06 13:39:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/09 20:55:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/10 19:15:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/12 11:50:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/12 19:43:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/13 17:26:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/15 15:37:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/25 16:04:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/06/07 17:41:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/09 18:14:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/06/10 00:43:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/06/10 17:52:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/02/21 16:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/03/12 14:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/03/14 21:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/03 19:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/03 23:09:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/18 17:56:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/03 20:30:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 18:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/06 13:39:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/09 20:55:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/10 19:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/12 11:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/12 19:43:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/13 17:26:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/15 15:37:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/25 16:04:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/06/14 19:30:24 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/10 13:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/30 12:39:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/05/05 18:38:33 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael Lunn\Desktop\ccsetup231.exe
[2011/03/14 11:25:41 | 004,286,521 | R--- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
[2011/03/14 11:20:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
[2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
[2011/03/07 16:04:19 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
[2011/03/13 23:45:43 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
[2009/10/29 13:25:15 | 000,866,163 | ---- | M] (Reinhard Nopper ) -- C:\Documents and Settings\Michael Lunn\Desktop\zplotpremiumsetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/30 12:39:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2011/03/09 18:32:12 | 000,000,016 | ---- | M] () -- C:\Program Files\Mozilla Firefox\dmlconf.dat

< %USERPROFILE%\Cookies\*.txt /x >
[2010/02/19 18:32:54 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Cookies\desktop.ini
[2011/03/15 20:44:31 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2004/10/29 21:56:50 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[11 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 05:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
OTL Extras logfile created on: 15/03/2011 22:20:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Lunn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 255.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 31.17 Gb Free Space | 44.04% Space Free | Partition Type: NTFS

Computer Name: DAYNE2 | User Name: Michael Lunn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"17140:TCP" = 17140:TCP:*:Enabled:spport
"22557:TCP" = 22557:TCP:*:Enabled:spport
"20686:TCP" = 20686:TCP:*:Enabled:spport
"25278:TCP" = 25278:TCP:*:Enabled:spport
"16053:TCP" = 16053:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Virgin Media\HUB\ServicepointService.exe" = C:\Program Files\Virgin Media\HUB\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12760E10-1413-4B35-91F4-7F5EB692B6E9}" = Autograph 3.20 (30-day)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50AF9AC4-6E62-405A-A269-C02B70A21E64}" = 944plc32
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = TOSHIBA Bluetooth Stack for Apache by CSR
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.00.0000
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ace DivX Player_is1" = Ace DivX Player v2.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler (remove only)
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player2.0.25" = FLV Player
"FLVPlayer" = FLV Player 1.3.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IPIX ActiveX Viewer" = iPIX ActiveX Viewer
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
"Shockwave" = Shockwave
"SopCast" = SopCast 1.0.1
"Spotify" = Spotify
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Z-Plot Premium_is1" = Z-Plot Premium 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/02/2011 15:02:57 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/02/2011 09:18:00 | Computer Name = DAYNE2 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
shlwapi.dll, version 6.0.2900.3653, fault address 0x0002c4d8.

Error - 23/02/2011 09:20:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/02/2011 09:20:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 23/02/2011 11:21:31 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/02/2011 11:57:08 | Computer Name = DAYNE2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 23/02/2011 13:22:09 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/02/2011 13:22:09 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 23/02/2011 15:27:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 23/02/2011 17:30:12 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 15/03/2011 09:38:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7001
Description = The PDScheduler service depends on the PDEngine service which failed
to start because of the following error: %%1070

Error - 15/03/2011 09:38:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
Description = The PDEngine service terminated unexpectedly. It has done this 1
time(s).

Error - 15/03/2011 09:52:48 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.4. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 15/03/2011 09:52:48 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 240.49.70.102 to a request from a client. The data is the error
code.

Error - 15/03/2011 15:41:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7022
Description = The PDEngine service hung on starting.

Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7001
Description = The PDScheduler service depends on the PDEngine service which failed
to start because of the following error: %%1070

Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
Description = The PDEngine service terminated unexpectedly. It has done this 1
time(s).

Error - 15/03/2011 17:28:17 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.4. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 15/03/2011 17:28:17 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 240.49.70.102 to a request from a client. The data is the error
code.


< End of report >
 
Good news :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultengine: "ACPro"
    FF - prefs.js..browser.search.defaultenginename: "ACPro"
    FF - prefs.js..browser.search.order.1: "ACPro"
    FF - prefs.js..browser.search.selectedEngine: "ACPro"
    FF - prefs.js..browser.startup.homepage: "http://search.autocompletepro.com?si=10205"
    FF - prefs.js..keyword.URL: "http://search.autocompletepro.com?si=10205&q="
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
    [2011/03/12 23:31:40 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad .com
    [2011/03/12 23:31:40 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
    O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - Reg Error: Key error. File not found
    [27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]
    [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
    [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1850343178
    [2011/03/05 18:00:14 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1745090371
    [2011/03/05 18:00:13 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
    [2011/03/05 17:54:41 | 000,018,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178
    [2010/12/06 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/07/13 22:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2009/11/20 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/03/05 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
    [2007/02/09 17:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


========================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "ACPro" removed from browser.search.defaultengine
Prefs.js: "ACPro" removed from browser.search.defaultenginename
Prefs.js: "ACPro" removed from browser.search.order.1
Prefs.js: "ACPro" removed from browser.search.selectedEngine
Prefs.js: "http://search.autocompletepro.com?si=10205" removed from browser.startup.homepage
Prefs.js: "http://search.autocompletepro.com?si=10205&q=" removed from keyword.URL
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
Folder C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad .com\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-internet-signup\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A173B69A-1F9B-4823-9FDA-412F641E65D6}\ not found.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0003.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0005.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0025.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0098.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0163.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0171.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0362.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0621.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0638.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL0647.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL1195.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL1669.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL1797.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL1838.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL1846.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL2222.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL2356.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL2428.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL2520.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL2863.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3149.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3304.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3336.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3594.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3900.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3964.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\My Documents\~WRL3965.tmp deleted successfully.
C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178 moved successfully.
C:\Documents and Settings\All Users\Application Data\1850343178 moved successfully.
C:\Documents and Settings\All Users\Application Data\1745090371 moved successfully.
C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178 moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kontiki folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RegInOut folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Michael Lunn
->Temp folder emptied: 42238798 bytes
->Temporary Internet Files folder emptied: 296088 bytes
->Java cache emptied: 3879 bytes
->FireFox cache emptied: 16993836 bytes
->Google Chrome cache emptied: 520715137 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5082 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 553.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael Lunn
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03152011_235156

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
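
An added example, not part of the original thread and not OTL's own code: a small Python triage of a "Run Fix" result log like the one above. It tallies the outcome of each line and lists the ones worth a second look. The outcome names and the follow-up heuristic are assumptions of this example; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import Counter

# Excerpt of lines from the fix log posted in this thread, embedded so the
# example runs offline. Headers and cache lines are included to show that
# anything that is not a per-item result is skipped.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Prefs.js: "ACPro" removed from browser.search.defaultengine
HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Folder C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad .com\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml moved successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\DownloadInformation\\INF .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
->Temp folder emptied: 65748 bytes
"""

# Outcome labels are this example's own names, keyed on the phrases the log uses.
OUTCOME_PATTERNS = [
    ("error", re.compile(r"^Registry error ")),
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("moved", re.compile(r"moved successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: .* removed from ")),
    ("reset", re.compile(r"value set successfully!$")),
    ("not_found", re.compile(r"not found\.$")),
]


def classify(line):
    """Return the outcome label for one result line, or None for other lines."""
    for label, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return label
    return None


def target_kind(line):
    """Say what sort of object a result line refers to."""
    if line.startswith("Prefs.js:"):
        return "prefs"
    if line.startswith("ADS "):
        return "ads"
    if re.match(r"(Registry |HKU\\|HKEY_)", line):
        return "registry"
    return "file"  # "Folder ..." lines and bare drive-letter paths


def triage(log_text):
    """Tally outcomes and collect the lines that deserve a manual check.

    Heuristic (an assumption of this example): a registry key reported as
    "not found" is usually an orphan the scan had already marked as missing,
    so only file-system targets that were not found, and explicit errors,
    are returned for follow-up.
    """
    counts = Counter()
    follow_up = []
    for raw in log_text.splitlines():
        line = raw.strip()
        outcome = classify(line)
        if outcome is None:
            continue
        counts[outcome] += 1
        kind = target_kind(line)
        if outcome == "error" or (outcome == "not_found" and kind == "file"):
            follow_up.append((outcome, kind, line))
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_LOG)
    for label, n in sorted(counts.items()):
        print(f"{label:10} {n}")
    print("\nCheck manually:")
    for outcome, kind, line in follow_up:
        print(f"  [{outcome}/{kind}] {line}")
```

On the sample, the two lines returned for follow-up are the Firefox extension folder that was not found at the scripted path and the registry read error during ActiveX removal.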
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
C:\WINDOWS\system32\123.js JS/TrojanDownloader.Agent.NWG trojan
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip 
    C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe 
    C:\i386\GTDownDE_87.ocx 
    C:\WINDOWS\system32\123.js 
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip moved successfully.
C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe moved successfully.
C:\i386\GTDownDE_87.ocx moved successfully.
C:\WINDOWS\system32\123.js moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael Lunn
->Temp folder emptied: 102760 bytes
->Temporary Internet Files folder emptied: 97914 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9984070 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 936 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18301 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael Lunn
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03162011_123126

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael Lunn
->Temp folder emptied: 3513 bytes
->Temporary Internet Files folder emptied: 71814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6959138 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Catherine Lunn
->Flash cache emptied: 0 bytes

User: Dayne Lunn

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael Lunn
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03162011_123839

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 