TechSpot

Google redirect and unremovable viruses

By warren90
Mar 9, 2011
  1. Hi,

    Tried various different antivirus programs, all of which either don't install or identify problems but are unable to remove them. Infections include worm.win32.koobface.as and worm.win32.ramnit. I am also redirected to websites such as licosearch and hugosearch when using Google. Any help would be much appreciated.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. warren90

    warren90 TS Rookie Topic Starter

    Thanks for your response, here are the first 3 logs:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6046

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    13/03/2011 23:17:40
    mbam-log-2011-03-13 (23-17-40).txt

    Scan type: Quick scan
    Objects scanned: 197061
    Time elapsed: 18 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-13 23:50:37
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800VE-75HDT1 rev.11.07D11
    Running: t87s0e8h.exe; Driver: C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\uftdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA4CD026]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA4CCE91]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA5168DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Michael Lunn at 23:57:53.03 on 13/03/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.192 [GMT 0:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Oxigen\bin\Oxigen.exe
    C:\Program Files\Oxigen\bin\OxiTray.exe
    C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\taskmgr.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Virgin Media\HUB\ServicepointService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
    uSearch Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
    uSearch Bar = hxxp://search.autocompletepro.com/?si=10205&bi=400
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\jtlgjjrk\radstjxx.exe
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\michael lunn\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [<NO NAME>]
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [OxigenClientAdmin] "c:\program files\oxigen\bin\Oxigen.exe"
    mRun: [OxigenTrayIcon] c:\program files\oxigen\bin\OxiTray.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [jfokoeyc] c:\windows\temp\ndkgcffky\pdjinkluerb.exe
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\8ihyvxt4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
    FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
    FF - prefs.js: browser.search.selectedEngine - ACPro
    FF - component: c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\michael lunn\application data\mozilla\firefox\profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\michael lunn\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virgin media\hub\nprpspa.dll
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
    FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-7 239168]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-9 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-9 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-9 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-9 42184]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-10-14 668912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
    S2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-5-12 241731]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-7 16968]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-03-12 23:30:50 -------- d-----w- c:\program files\AutocompletePro
    2011-03-12 23:24:58 -------- d-----w- c:\program files\GustoSoft
    2011-03-12 23:13:01 -------- d-----w- c:\windows\FLV Player
    2011-03-09 19:32:16 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-09 19:30:55 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-09 19:30:33 -------- d-----w- c:\program files\AVAST Software
    2011-03-09 19:30:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-03-09 16:56:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2011-03-09 15:34:08 -------- d-----w- c:\program files\Trend Micro
    2011-03-08 13:23:54 -------- d-----w- c:\program files\Zone Labs
    2011-03-08 12:59:07 -------- d-----w- c:\windows\Internet Logs
    2011-03-08 11:51:42 -------- d-----w- c:\program files\jtlgjjrk
    2011-03-07 23:34:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-07 23:34:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-03-07 16:21:42 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-03-07 16:21:42 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-03-07 16:20:46 -------- d-----w- c:\program files\common files\PC Tools
    2011-03-07 16:20:45 -------- d-----w- c:\program files\PC Tools Security
    2011-03-07 16:18:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2011-03-07 15:03:50 616 ---ha-w- C:\aaw7boot.cmd
    2011-03-07 13:56:31 5943120 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\updates\mpengine.dll
    2011-03-06 20:25:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-05 21:46:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegInOut
    2011-03-05 21:46:23 -------- d-----w- c:\windows\RegInOut System Utilities
    2011-03-05 21:46:01 -------- d-----w- c:\program files\RegInOut
    2011-03-01 17:03:02 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Spotify
    2011-03-01 17:03:02 -------- d-----w- c:\docume~1\michae~1\applic~1\Spotify
    2011-03-01 17:02:43 -------- d-----w- c:\program files\Spotify
    .
    ==================== Find3M ====================
    .
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 23:59:32.78 ===============
     
  4. warren90

    warren90 TS Rookie Topic Starter

    The fourth is too long for one post. This is the first half:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 03/12/2005 21:54:45
    System Uptime: 13/03/2011 23:37:19 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0WF351
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 795/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 31.967 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1212: 09/03/2011 16:17:04 - System Checkpoint
    RP1213: 09/03/2011 17:34:09 - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP1214: 09/03/2011 17:35:57 - Removed J2SE Runtime Environment 5.0 Update 10
    RP1215: 09/03/2011 17:49:26 - Removed Adobe Reader 7.0.9
    RP1216: 09/03/2011 18:42:31 - Installed Adobe Reader X (10.0.1).
    RP1217: 09/03/2011 19:30:33 - avast! Free Antivirus Setup
    RP1218: 10/03/2011 19:36:08 - System Checkpoint
    RP1219: 11/03/2011 20:45:38 - System Checkpoint
    RP1220: 12/03/2011 19:31:17 - Software Distribution Service 3.0
    RP1221: 13/03/2011 14:02:52 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    944plc32
    AAC Decoder
    Ace DivX Player v2.1
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    ALPS Touch Pad Driver
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    ARTEuro
    AutocompletePro
    Autograph 3.20 (30-day)
    AutoUpdate
    avast! Free Antivirus
    Bonjour
    Broadcom Management Programs 2
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.9x Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler (remove only)
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Photo AIO Printer 944
    Dell Picture Studio v3.0
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DMX Update
    FLV Player
    FLV Player 1.3.3
    Google Chrome
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Internet Explorer Default Page
    iPIX ActiveX Viewer
    iPod for Windows 2005-09-23
    iPod for Windows 2006-03-23
    iTunes
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 22
    Learn2 Player (Uninstall Only)
    LimeWire 5.1.2
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft AutoRoute 2005
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    mIWA
    mIWCA
    MKV Splitter
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.6.15)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSN Search Toolbar
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mToolkit
    mWlsSafe
    mXML
    MyWay Search Assistant
    mZConfig
    NetWaiting
    Oxigen Client v5.00.0000
    PerfectDisk
    PHOTOfunSTUDIO -viewer-
    PowerDVD 5.5
    QuickSet
    QuickTime
    RealPlayer
    RegInOut System Utilities
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Shockwave
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SopCast 1.0.1
    Spotify
    Spybot - Search & Destroy
    Startup Delayer v2.5 (build 138)
    Tiscali Internet
    TOSHIBA Bluetooth Stack for Apache by CSR
    TVAnts 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    Virgin Media HUB 3.5.12
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.1
    Wanadoo Europe Installer
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888310
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892627
    Windows XP Hotfix - KB893056
    WinRAR archiver
    Works Upgrade
    Xvid 1.1.3 final uninstall
    Z-Plot Premium 1.0
    .
     
  5. warren90

    warren90 TS Rookie Topic Starter

    And the second half:

    ==== Event Viewer Messages From Past Week ========
    .
    13/03/2011 22:49:40, error: Service Control Manager [7034] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:40, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:40, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:40, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:37, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:37, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:37, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:37, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/03/2011 22:49:36, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 22:49:36, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 20:26:28, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
    13/03/2011 14:11:39, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Microsoft Office Outlook 2003 (KB2449798).
    13/03/2011 14:05:46, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2344875).
    13/03/2011 14:05:38, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2345043).
    13/03/2011 14:05:33, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974).
    13/03/2011 14:05:18, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2003 (KB2289163).
    12/03/2011 19:57:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 (KB2449798).
    12/03/2011 19:57:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2007 System (KB2289158).
    12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft Office 2003 (KB2289163).
    12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974).
    12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB2345043).
    12/03/2011 19:38:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB2344875).
    12/03/2011 19:38:36, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for the 2007 Microsoft Office System (KB2284654).
    12/03/2011 19:30:46, error: Service Control Manager [7022] - The PDEngine service hung on starting.
    12/03/2011 19:30:46, error: Service Control Manager [7001] - The PDScheduler service depends on the PDEngine service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wmplayer.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wmpband.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wabimp.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file wab32.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file vgx.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file triedit.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file setup_wm.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msoe.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msjro.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadox.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadomd.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file msadco.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file mpvis.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 22:02:48, information: Windows File Protection [64004] - The protected system file directdb.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 21:39:15, information: Windows File Protection [64004] - The protected system file npdsplay.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0xfffffdda.
    09/03/2011 18:02:02, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    09/03/2011 17:35:03, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file wab32res.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file sqlxmlx.dll could not be restored to its original, valid version. The file version of the bad file is 2000.85.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msxactps.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msdaurl.dll could not be restored to its original, valid version. The file version of the bad file is 9.2.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:25, information: Windows File Protection [64004] - The protected system file msdatt.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdasc.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaps.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaosp.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaorar.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaora.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaer.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdaenum.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:19, information: Windows File Protection [64004] - The protected system file msdadc.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdfmap.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaremr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdarem.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaprst.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msdaprsr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadrh15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msador15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msader15.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msaddsr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadds.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcs.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcor.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcfr.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:10, information: Windows File Protection [64004] - The protected system file msadcf.dll could not be restored to its original, valid version. The file version of the bad file is 2.81.1117.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:01, information: Windows File Protection [64004] - The protected system file spttseng.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
    09/03/2011 17:32:01, information: Windows File Protection [64004] - The protected system file spcommon.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
    09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file wisc10.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
    09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file mssoapr.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
    09/03/2011 17:30:56, information: Windows File Protection [64004] - The protected system file mssoap1.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.814.0 The specific error code is 0xfffffdda.
    09/03/2011 17:30:41, information: Windows File Protection [64004] - The protected system file fp4autl.dll could not be restored to its original, valid version. The file version of the bad file is 4.0.2.7523 The specific error code is 0xfffffdda.
    09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file spcplui.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
    09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file sapisvr.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
    09/03/2011 17:29:53, information: Windows File Protection [64004] - The protected system file sapi.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.4111.0 The specific error code is 0xfffffdda.
    09/03/2011 17:29:19, information: Windows File Protection [64004] - The protected system file msinfo32.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.0 The specific error code is 0xfffffdda.
    09/03/2011 17:28:27, information: Windows File Protection [64004] - The protected system file dao360.dll could not be restored to its original, valid version. The file version of the bad file is 3.60.9512.0 The specific error code is 0xfffffdda.
    09/03/2011 16:28:28, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.4. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
    09/03/2011 15:28:17, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The system cannot find the file specified.
    09/03/2011 15:28:17, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
    09/03/2011 14:42:00, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    08/03/2011 11:50:44, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
    08/03/2011 11:21:47, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    08/03/2011 00:10:03, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
    08/03/2011 00:06:10, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    07/03/2011 23:58:42, information: Windows File Protection [64004] - The protected system file wordpad.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.3355 The specific error code is 0xfffffdda.
    07/03/2011 23:58:17, information: Windows File Protection [64004] - The protected system file moviemk.exe could not be restored to its original, valid version. The file version of the bad file is 2.1.4027.0 The specific error code is 0xfffffdda.
    07/03/2011 23:57:50, information: Windows File Protection [64004] - The protected system file iedw.exe could not be restored to its original, valid version. The file version of the bad file is 7.0.5730.11 The specific error code is 0xfffffdda.
    07/03/2011 23:57:50, information: Windows File Protection [64004] - The protected system file hmmapi.dll could not be restored to its original, valid version. The file version of the bad file is 8.0.6001.18702 The specific error code is 0xfffffdda.
    07/03/2011 23:15:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
    07/03/2011 23:15:10, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 23:15:10, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    07/03/2011 23:14:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    07/03/2011 23:14:11, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 23:12:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    07/03/2011 23:12:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SPService service to connect.
    07/03/2011 23:12:41, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 21:48:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    07/03/2011 21:48:49, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 21:48:49, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wabmig.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wabfind.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file wab.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file setup50.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oemiglib.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oemig50.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file oeimport.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file msoeres.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:52, information: Windows File Protection [64004] - The protected system file msimn.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file wb32.exe could not be restored to its original, valid version. The file version of the bad file is 4.4.0.3400 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file rrcm.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmwb.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmoldwb.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmft.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmcom.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmchat.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmasnt.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nmas.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file nac.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:43, information: Windows File Protection [64004] - The protected system file mst123.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file mst120.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file h323cc.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file dcap32.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file confmrsl.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file conf.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file cb32.exe could not be restored to its original, valid version. The file version of the bad file is 4.4.0.3400 The specific error code is 0xfffffdda.
    07/03/2011 20:05:41, information: Windows File Protection [64004] - The protected system file callcont.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zonelibm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zoneclim.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file znetm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zeeverm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.629.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zcorem.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file zclientm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file uniansi.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvlzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvlres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file shvl.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file rvsezm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:34, information: Windows File Protection [64004] - The protected system file rvseres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file rvse.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file hrtzzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:26, information: Windows File Protection [64004] - The protected system file hrtzres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file hrtz.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file cmnresm.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file cmnclim.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.629.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:25, information: Windows File Protection [64004] - The protected system file chkrzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file chkrres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file chkr.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:24, information: Windows File Protection [64004] - The protected system file bckgzm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:23, information: Windows File Protection [64004] - The protected system file bckgres.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:04:21, information: Windows File Protection [64004] - The protected system file bckg.dll could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2res2.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2res.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2fxb.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2fxa.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2filt.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2ext.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2eres.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 20:03:10, information: Windows File Protection [64004] - The protected system file wmm2ae.dll could not be restored to its original, valid version. The file version of the bad file is 2.1.4026.0 The specific error code is 0xfffffdda.
    07/03/2011 19:36:32, information: Windows File Protection [64004] - The protected system file iexplore.exe could not be restored to its original, valid version. The file version of the bad file is 8.0.6001.18702 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file trialoc.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file isignup.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file inetwiz.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwutil.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwtutor.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwrmind.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwres.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2600.0 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwhelp.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwdl.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn2.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn1.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 19:36:31, information: Windows File Protection [64004] - The protected system file icwconn.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0xfffffdda.
    07/03/2011 16:55:59, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    07/03/2011 16:33:02, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 16:33:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
    07/03/2011 15:46:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    07/03/2011 15:46:09, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2011 15:03:36, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    07/03/2011 14:32:56, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    07/03/2011 14:29:45, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 172.48.70.102 to a request from a client. The data is the error code.
    07/03/2011 13:29:35, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
    07/03/2011 13:29:34, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll" on line 0.
    06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file wmpns.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
    06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file pinball.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file htrn_jis.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.0 The specific error code is 0xfffffdda.
    06/03/2011 23:26:58, information: Windows File Protection [64004] - The protected system file dialer.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0xfffffdda.
    06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file npwmsdrm.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
    06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file npdrmv2.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
    06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file mplayer2.exe could not be restored to its original, valid version. The file version of the bad file is 6.4.9.1125 The specific error code is 0xfffffdda.
    06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file migrate.exe could not be restored to its original, valid version. The file version of the bad file is 9.0.0.3250 The specific error code is 0xfffffdda.
    06/03/2011 23:26:53, information: Windows File Protection [64004] - The protected system file custsat.dll could not be restored to its original, valid version. The file version of the bad file is 9.0.2600.2180 The specific error code is 0xfffffdda.
    06/03/2011 22:59:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. warren90

    warren90 TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 150):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806CE000 \WINDOWS\system32\hal.dll
    0xF8972000 \WINDOWS\system32\KDCOM.DLL
    0xF8882000 \WINDOWS\system32\BOOTVID.dll
    0xF8343000 ACPI.sys
    0xF8974000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF8332000 pci.sys
    0xF8472000 isapnp.sys
    0xF8312000 fltMgr.sys
    0xF8886000 compbatt.sys
    0xF888A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF8A3A000 pciide.sys
    0xF86F2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8976000 intelide.sys
    0xF82F4000 pcmcia.sys
    0xF8482000 MountMgr.sys
    0xF82D5000 ftdisk.sys
    0xF86FA000 PartMgr.sys
    0xF8492000 VolSnap.sys
    0xF82BD000 atapi.sys
    0xF84A2000 disk.sys
    0xF84B2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF82AB000 sr.sys
    0xF826E000 PCTCore.sys
    0xF8258000 drvmcdb.sys
    0xF84C2000 PxHelp20.sys
    0xF8241000 KSecDD.sys
    0xF84D2000 Defrag32b.sys
    0xF81B4000 Ntfs.sys
    0xF8187000 NDIS.sys
    0xF84E2000 ohci1394.sys
    0xF84F2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF816C000 Mup.sys
    0xF8512000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF8622000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF8133000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7460000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF744C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8712000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7429000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF871A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF8662000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF7418000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF7108000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF70C5000 \SystemRoot\system32\drivers\STAC97.sys
    0xF70A1000 \SystemRoot\system32\drivers\portcls.sys
    0xF8672000 \SystemRoot\system32\drivers\drmk.sys
    0xF707E000 \SystemRoot\system32\drivers\ks.sys
    0xF704D000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF6F4E000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6EA6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF8722000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8682000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF6E8C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF872A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8732000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8692000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF873A000 \SystemRoot\system32\drivers\Afc.sys
    0xF8742000 \SystemRoot\system32\drivers\pfc.sys
    0xF89C0000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF86D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF86A2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF86B2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF86C2000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0xF6E4F000 \SystemRoot\system32\DRIVERS\iwca.sys
    0xF8A95000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF86E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8123000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6E38000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7A5A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF874A000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6E27000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7A3A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8752000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF875A000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7A2A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF89C2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6DCE000 \SystemRoot\system32\DRIVERS\update.sys
    0xF811B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF8762000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF7A1A000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0xF7A0A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF79EA000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF89DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF89F4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF89F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8A8E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF89F8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF878A000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF8792000 \SystemRoot\System32\drivers\vga.sys
    0xF89FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF89FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF879A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF87A2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF892E000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA70D000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF79DA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAA6EC000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAA6C4000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF87AA000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xAA6A2000 \SystemRoot\System32\drivers\afd.sys
    0xF79CA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAA5D7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAA568000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8532000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAA4F8000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xAA49A000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xF896E000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xF87C2000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF8572000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAA45A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8986000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xF8592000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF85A2000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA540000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8832000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8A44000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF041000 \SystemRoot\System32\ialmdev5.DLL
    0xBF075000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAA54C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xAA632000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF8B15000 \SystemRoot\system32\dla\tfsndres.sys
    0xAA304000 \SystemRoot\system32\dla\tfsnifs.sys
    0xF889E000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF89F2000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF887A000 \SystemRoot\system32\dla\tfsnboio.sys
    0xAA622000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF8B1F000 \SystemRoot\system32\dla\tfsndrct.sys
    0xAA2EB000 \SystemRoot\system32\dla\tfsnudf.sys
    0xAA2D2000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xAA31A000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAA48E000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xAA2AA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAA0B3000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA992F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA991A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9E33000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF89B8000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xA95C5000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA970C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA96B4000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xA91C1000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    580 C:\WINDOWS\system32\smss.exe
    996 csrss.exe
    1020 C:\WINDOWS\system32\winlogon.exe
    1064 C:\WINDOWS\system32\services.exe
    1076 C:\WINDOWS\system32\lsass.exe
    1232 C:\WINDOWS\system32\svchost.exe
    1328 svchost.exe
    1392 C:\WINDOWS\system32\svchost.exe
    1444 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1500 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1524 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1604 svchost.exe
    1692 svchost.exe
    212 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    828 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    1596 C:\WINDOWS\explorer.exe
    1776 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    736 C:\WINDOWS\system32\hkcmd.exe
    748 C:\WINDOWS\system32\igfxpers.exe
    756 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    764 C:\Program Files\Dell\QuickSet\quickset.exe
    776 C:\WINDOWS\system32\dla\tfswctrl.exe
    792 C:\Program Files\Oxigen\bin\Oxigen.exe
    800 C:\Program Files\Oxigen\bin\OxiTray.exe
    788 C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
    852 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    864 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    884 C:\WINDOWS\system32\igfxsrvc.exe
    928 C:\WINDOWS\system32\ctfmon.exe
    420 C:\Program Files\Digital Line Detect\DLG.exe
    640 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    712 C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    2136 svchost.exe
    2544 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    2896 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2920 C:\Program Files\Bonjour\mDNSResponder.exe
    2936 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    2968 C:\WINDOWS\system32\cisvc.exe
    3292 C:\Program Files\Java\jre6\bin\jqs.exe
    3388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2632 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    2720 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2956 C:\Program Files\Virgin Media\HUB\ServicepointService.exe
    3040 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    3596 wmiprvse.exe
    3456 C:\WINDOWS\system32\wuauclt.exe
    3076 wmiprvse.exe
    1628 alg.exe
    1848 C:\WINDOWS\system32\svchost.exe
    2424 C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
    2252 C:\WINDOWS\system32\taskmgr.exe
    940 C:\WINDOWS\system32\mshta.exe
    1872 C:\WINDOWS\system32\wscntfy.exe
    2204 C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  8. warren90

    warren90 TS Rookie Topic Starter

    ComboFix 11-03-13.01 - Michael Lunn 14/03/2011 11:33:47.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.210 [GMT 0:00]
    Running from: c:\documents and settings\Michael Lunn\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AutocompletePro
    c:\program files\AutocompletePro\64\AutocompletePro64.dll
    c:\program files\AutocompletePro\AutocompletePro.dll
    c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
    c:\program files\AutocompletePro\ChromeSetSearchInBrowser.exe
    c:\program files\AutocompletePro\FireFoxExtension.exe
    c:\program files\AutocompletePro\InstTracker.exe
    c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
    c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
    c:\program files\AutocompletePro\support@predictad.com\install.rdf
    c:\program files\AutocompletePro\unins000.dat
    c:\program files\AutocompletePro\unins000.exe
    c:\program files\TVAnts\UNWISE.EXE
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-12 23:24 . 2011-03-12 23:24 -------- d-----w- c:\program files\GustoSoft
    2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\program files\FLV Player
    2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\windows\FLV Player
    2011-03-09 19:32 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-09 19:32 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-09 19:32 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-09 19:32 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-09 19:32 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-09 19:32 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-03-09 19:32 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-03-09 19:32 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-03-09 19:30 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-09 19:30 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\program files\AVAST Software
    2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-03-09 16:56 . 2011-03-09 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-03-09 15:34 . 2011-03-09 15:34 -------- d-----w- c:\program files\Trend Micro
    2011-03-08 13:23 . 2011-03-08 13:23 -------- d-----w- c:\program files\Zone Labs
    2011-03-08 12:59 . 2011-03-08 13:23 -------- d-----w- c:\windows\Internet Logs
    2011-03-08 11:51 . 2011-03-09 22:57 -------- d-----w- c:\program files\jtlgjjrk
    2011-03-07 23:34 . 2011-03-08 11:50 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-07 23:34 . 2011-03-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-03-07 16:21 . 2010-12-10 16:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-03-07 16:21 . 2010-12-10 13:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\PC Tools Security
    2011-03-07 16:18 . 2011-03-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-03-07 15:03 . 2011-03-07 15:05 616 ---ha-w- C:\aaw7boot.cmd
    2011-03-07 13:56 . 2011-02-23 09:35 5943120 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
    2011-03-06 20:25 . 2011-03-06 20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut
    2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\windows\RegInOut System Utilities
    2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\program files\RegInOut
    2011-03-05 19:24 . 2011-03-05 19:55 -------- d-----w- c:\documents and settings\Administrator
    2011-03-01 17:03 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Spotify
    2011-03-01 17:03 . 2011-03-02 16:47 -------- d-----w- c:\documents and settings\Michael Lunn\Application Data\Spotify
    2011-03-01 17:02 . 2011-03-01 17:02 -------- d-----w- c:\program files\Spotify
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 17:11 . 2009-10-04 15:46 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-20 18:09 . 2009-06-18 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2009-06-18 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
    [7] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    .
    c:\windows\System32\spoolsv.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-17 136176]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2011-03-07 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2011-03-07 684032]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
    "OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
    "VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-24 24576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
    backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 11:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2008-08-13 18:32 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-06-05 12:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-06-13 19:02 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17140:TCP"= 17140:TCP:spport
    "22557:TCP"= 22557:TCP:spport
    "20686:TCP"= 20686:TCP:spport
    "25278:TCP"= 25278:TCP:spport
    "16053:TCP"= 16053:TCP:spport
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/03/2011 16:21 239168]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/03/2011 19:32 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/03/2011 19:32 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2011 19:32 19544]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [14/10/2010 14:13 668912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2011 18:03 136176]
    S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12/05/2005 12:43 241731]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/03/2011 23:34 16968]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
    .
    2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
    .
    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
    - c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
    .
    2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
    - c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
    .
    2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    2011-03-05 c:\windows\Tasks\RegInOut Scheduled Scan - Michael Lunn.job
    - c:\program files\RegInOut\RegInOut.exe [2011-02-07 21:24]
    .
    2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
    FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
    FF - prefs.js: browser.search.selectedEngine - ACPro
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
    FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    SafeBoot-WinDefend
    MSConfigStartUp-Apoint - c:\program files\Apoint\Apoint.exe
    AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
    AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE
    AddRemove-InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
    AddRemove-InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
    AddRemove-InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
    AddRemove-Money2005b - c:\program files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe
    AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
    AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
    AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
    AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
    AddRemove-TVAnts 1.0 - c:\progra~1\TVAnts\UNWISE.EXE
    AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
    AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
    AddRemove-Windows Media Player - c:\program files\Windows Media Player\Setup_wm.exe
    AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
    AddRemove-Works2005Setup - c:\program files\Microsoft Works Suite 2005\Setup\Launcher.exe
    AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-14 11:51
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1020)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    - - - - - - - > 'explorer.exe'(248)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Dell Support Center\gs_agent\dsc.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-14 11:57:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-14 11:57
    .
    Pre-Run: 34,198,654,976 bytes free
    Post-Run: 34,166,603,776 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 42DD8F4A400D017C0ACB54F8165C03F2
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Uninstall RegInOut System Utilities.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =======================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe
    
    Folder::
    c:\program files\jtlgjjrk
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
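
A check that can be run on the two ComboFix logs once the CFScript above has been applied, added here as an example (it is not part of the original post and is not ComboFix's own code): it confirms that the file written by FCopy matches the Sigcheck candidate it was copied from. The sample lines are copied from the logs in this thread; the function names are hypothetical, the bracketed Sigcheck marker is kept as an opaque field, and the second timestamp of a "Files Created" line is assumed to be the file's modification date.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the two ComboFix logs in this thread.
FIRST_LOG = r"""
------- Sigcheck -------
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
"""
SECOND_LOG = r"""
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
"""

# One Sigcheck candidate: "[mark] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-F]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+)$")
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \.\.\. is missing !!$", re.I)
FCOPY_RE = re.compile(r"^(?P<src>[a-z]:\\.+?) --> (?P<dst>[a-z]:\\.+)$", re.I)
# "Files Created" line for a file (directories show dashes instead of a size).
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. (?P<mdate>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size>\d+) \S+ (?P<path>[a-z]:\\.+)$", re.I)


@dataclass
class Candidate:
    mark: str      # opaque marker from the log, not interpreted here
    date: str
    md5: str
    size: int
    version: str
    path: str


def parse_sigcheck(log):
    """Return (candidates, missing_paths) from the first log."""
    candidates, missing = [], []
    for raw in log.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            candidates.append(Candidate(m["mark"], m["date"], m["md5"],
                                        int(m["size"]), m["ver"], m["path"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"].lower())
    return candidates, missing


def verify_restore(first_log, second_log):
    """For each FCopy in the second log, compare the restored file with its source."""
    candidates, missing = parse_sigcheck(first_log)
    by_path = {c.path.lower(): c for c in candidates}
    copies, files = [], {}
    for raw in second_log.splitlines():
        line = raw.strip()
        m = FCOPY_RE.match(line)
        if m:
            copies.append((m["src"], m["dst"]))
            continue
        m = FILE_RE.match(line)
        if m:
            files[m["path"].lower()] = (m["mdate"], int(m["size"]))
    results = []
    for src, dst in copies:
        cand = by_path.get(src.lower())
        now = files.get(dst.lower())
        results.append({
            "dst": dst,
            "was_missing": dst.lower() in missing,
            "source_known": cand is not None,
            # Date and size only narrow it down; they are not a hash.
            "matches_source": bool(cand and now and now == (cand.date, cand.size)),
            # MD5 the first log recorded for the source; compare against the
            # restored file on disk to confirm.
            "md5_to_confirm": cand.md5 if cand else None,
        })
    return results


if __name__ == "__main__":
    for r in verify_restore(FIRST_LOG, SECOND_LOG):
        print(r)
```

Both Sigcheck candidates in this thread have the same size (57856 bytes), so only the date separates them in the log; hashing the restored file and comparing it with the reported MD5 is what actually confirms the copy.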
     
  10. warren90

    warren90 TS Rookie Topic Starter

    ComboFix 11-03-13.01 - Michael Lunn 15/03/2011 20:15:10.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.219 [GMT 0:00]
    Running from: c:\documents and settings\Michael Lunn\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Michael Lunn\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\jtlgjjrk
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-15 20:15 . 2005-06-11 00:17 57856 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
    2011-03-12 23:24 . 2011-03-12 23:24 -------- d-----w- c:\program files\GustoSoft
    2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\program files\FLV Player
    2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\windows\FLV Player
    2011-03-09 19:32 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-09 19:32 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-09 19:32 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-09 19:32 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-09 19:32 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-09 19:32 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-03-09 19:32 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-03-09 19:32 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-03-09 19:30 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-09 19:30 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\program files\AVAST Software
    2011-03-09 19:30 . 2011-03-09 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-03-09 16:56 . 2011-03-09 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-03-09 15:34 . 2011-03-09 15:34 -------- d-----w- c:\program files\Trend Micro
    2011-03-08 13:23 . 2011-03-08 13:23 -------- d-----w- c:\program files\Zone Labs
    2011-03-08 12:59 . 2011-03-08 13:23 -------- d-----w- c:\windows\Internet Logs
    2011-03-07 23:34 . 2011-03-08 11:50 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-07 23:34 . 2011-03-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-03-07 16:21 . 2010-12-10 16:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-03-07 16:21 . 2010-12-10 13:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-03-07 16:20 . 2011-03-07 18:00 -------- d-----w- c:\program files\PC Tools Security
    2011-03-07 16:18 . 2011-03-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-03-07 15:03 . 2011-03-07 15:05 616 ---ha-w- C:\aaw7boot.cmd
    2011-03-07 13:56 . 2011-02-23 09:35 5943120 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
    2011-03-06 20:25 . 2011-03-06 20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut
    2011-03-05 21:46 . 2011-03-05 21:46 -------- d-----w- c:\windows\RegInOut System Utilities
    2011-03-05 19:24 . 2011-03-05 19:55 -------- d-----w- c:\documents and settings\Administrator
    2011-03-01 17:03 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\Michael Lunn\Local Settings\Application Data\Spotify
    2011-03-01 17:03 . 2011-03-02 16:47 -------- d-----w- c:\documents and settings\Michael Lunn\Application Data\Spotify
    2011-03-01 17:02 . 2011-03-01 17:02 -------- d-----w- c:\program files\Spotify
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 17:11 . 2009-10-04 15:46 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-20 18:09 . 2009-06-18 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2009-06-18 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-17 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2011-03-07 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2011-03-07 684032]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
    "OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
    "VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-24 24576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
    backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 11:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2008-08-13 18:32 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-06-05 12:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-06-13 19:02 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17140:TCP"= 17140:TCP:spport
    "22557:TCP"= 22557:TCP:spport
    "20686:TCP"= 20686:TCP:spport
    "25278:TCP"= 25278:TCP:spport
    "16053:TCP"= 16053:TCP:spport
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/03/2011 16:21 239168]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/03/2011 19:32 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/03/2011 19:32 301528]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2011 19:32 19544]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [14/10/2010 14:13 668912]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2011 18:03 136176]
    S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12/05/2005 12:43 241731]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [07/03/2011 23:34 16968]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:03]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
    - c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
    - c:\documents and settings\Michael Lunn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-17 13:03]
    .
    2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    2011-03-15 c:\windows\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.autocompletepro.com/?si=10205&bi=400
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10205&bi=400
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - ACPro
    FF - prefs.js: browser.startup.homepage - hxxp://search.autocompletepro.com?si=10205
    FF - prefs.js: keyword.URL - hxxp://search.autocompletepro.com?si=10205&q=
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Googlebar Lite: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} - %profile%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
    FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-15 20:28
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1024)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    - - - - - - - > 'explorer.exe'(3744)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-03-15 20:33:34
    ComboFix-quarantined-files.txt 2011-03-15 20:33
    ComboFix2.txt 2011-03-14 11:57
    .
    Pre-Run: 33,604,444,160 bytes free
    Post-Run: 33,589,784,576 bytes free
    .
    - - End Of File - - 0997783177E5DAD30DFE2633E9ADA9A0
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. warren90

    warren90 TS Rookie Topic Starter

    Google is no longer redirecting and computer seems to be behaving normally.

    First part of OTL.txt:

    OTL logfile created on: 15/03/2011 22:20:06 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Lunn\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    503.00 Mb Total Physical Memory | 255.00 Mb Available Physical Memory | 51.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.77 Gb Total Space | 31.17 Gb Free Space | 44.04% Space Free | Partition Type: NTFS

    Computer Name: DAYNE2 | User Name: Michael Lunn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
    PRC - [2011/03/07 15:04:11 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2011/03/07 15:04:02 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2011/03/07 15:03:50 | 000,450,560 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2011/03/07 15:03:44 | 000,253,952 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2011/03/07 15:03:33 | 000,479,232 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
    PRC - [2009/12/14 10:25:56 | 004,277,488 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
    PRC - [2009/12/14 10:25:56 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
    PRC - [2008/08/13 18:32:46 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2007/06/23 02:04:52 | 000,557,536 | ---- | M] () -- C:\Program Files\Oxigen\bin\OxiTray.exe
    PRC - [2007/06/23 02:01:36 | 000,887,264 | ---- | M] () -- C:\Program Files\Oxigen\bin\Oxigen.exe
    PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
    MOD - [2011/03/07 15:03:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2005/05/12 12:43:28 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
    SRV - [2005/05/12 12:42:40 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
    SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/08 11:50:38 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/08/03 10:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/05/12 09:47:14 | 000,061,544 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
    DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/08 01:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
    DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/12/24 18:36:38 | 000,097,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
    DRV - [2004/12/21 11:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2004/12/15 17:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
    DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/11/15 22:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
    DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/10/04 10:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
    DRV - [2004/07/08 17:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
    DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/09/20 07:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/10/16 13:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
    IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
    IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
    IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "ACPro"
    FF - prefs.js..browser.search.defaultenginename: "ACPro"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.order.1: "ACPro"
    FF - prefs.js..browser.search.selectedEngine: "ACPro"
    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "http://search.autocompletepro.com?si=10205"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}:4.7.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
    FF - prefs.js..keyword.URL: "http://search.autocompletepro.com?si=10205&q="


    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/13 19:03:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/09 19:30:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/09 18:33:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/09 18:44:57 | 000,000,000 | ---D | M]

    [2008/09/01 12:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Extensions
    [2011/03/14 17:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions
    [2011/03/07 23:54:03 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2010/04/30 16:26:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/24 09:55:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/01 15:24:43 | 000,000,000 | ---D | M] (Googlebar Lite) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}
    [2011/02/01 15:24:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/03/12 23:31:40 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad.com
    [2009/10/22 19:38:09 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\searchplugins\google-scholar.xml
    [2011/03/09 18:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006/11/06 17:49:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/03/09 19:30:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/06/13 18:58:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/03/12 23:31:40 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
    [2011/03/09 18:33:15 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/03/09 18:33:15 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/03/09 18:33:15 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/03/09 18:33:15 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/03/14 11:49:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe ()
    O4 - HKLM..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe ()
    O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
    O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/15 22:15:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
    [2011/03/14 11:31:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/14 11:27:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/14 11:27:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/14 11:27:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/14 11:27:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/14 11:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/14 11:27:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/13 17:40:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Lunn\Recent
    [2011/03/12 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ace DivX Player
    [2011/03/12 23:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\GustoSoft
    [2011/03/12 23:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Start Menu\Programs\FLV Player
    [2011/03/12 23:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
    [2011/03/12 23:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
    [2011/03/09 19:32:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/03/09 19:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/03/09 19:32:21 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/03/09 19:32:18 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/03/09 19:32:17 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/03/09 19:32:16 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/03/09 19:32:14 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/03/09 19:32:14 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/03/09 19:32:12 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/03/09 19:30:55 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/03/09 19:30:54 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/03/09 19:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/03/09 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/03/09 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2011/03/09 16:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/03/09 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
    [2011/03/09 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/09 15:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
    [2011/03/08 13:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2011/03/08 12:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2011/03/07 23:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/03/07 20:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/07 16:21:42 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/03/07 16:21:42 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/03/07 16:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/03/07 16:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/03/07 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/03/06 20:25:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/03/05 22:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner Free
    [2011/03/05 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
    [2011/03/05 21:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegInOut System Utilities
    [2011/03/01 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\Spotify
    [2011/03/01 17:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lunn\Application Data\Spotify
    [2011/03/01 17:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
    [27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/15 22:22:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job
    [2011/03/15 22:21:03 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007UA.job
    [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
    [2011/03/15 22:08:06 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/15 20:42:08 | 000,000,548 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/03/15 20:39:06 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/15 20:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/15 20:38:34 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/15 16:21:15 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825243142-2624455098-1337660762-1007Core.job
    [2011/03/14 11:49:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/14 11:31:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/03/14 11:25:41 | 004,286,521 | R--- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
    [2011/03/14 11:20:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
    [2011/03/13 23:52:38 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
    [2011/03/13 23:45:43 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
    [2011/03/12 23:25:04 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Ace DivX Player.lnk
    [2011/03/12 23:13:02 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\FLV Player.lnk
    [2011/03/12 20:25:11 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Google Chrome.lnk
    [2011/03/12 20:25:11 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/03/11 16:53:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/09 19:32:25 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/09 19:32:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/03/09 19:12:18 | 000,001,270 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_191215.reg
    [2011/03/09 18:45:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/09 18:11:51 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_181138.reg
    [2011/03/09 14:12:12 | 000,007,910 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_141130.reg
    [2011/03/09 14:10:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/03/08 11:50:38 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/03/08 11:48:34 | 000,000,920 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2011/03/07 20:35:20 | 000,430,877 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110307-215251.backup
    [2011/03/07 20:32:07 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/07 16:22:20 | 001,114,596 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/03/07 16:04:19 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
    [2011/03/07 15:05:07 | 000,000,616 | -H-- | M] () -- C:\aaw7boot.cmd
    [2011/03/07 12:58:26 | 000,000,425 | ---- | M] () -- C:\WINDOWS\tot.ord
    [2011/03/06 20:25:10 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/03/05 23:01:39 | 000,430,877 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110307-203520.backup
    [2011/03/05 20:53:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/05 20:39:42 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\fix.reg
    [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
    [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1850343178
    [2011/03/05 18:00:14 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1745090371
    [2011/03/05 18:00:13 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
    [2011/03/05 17:43:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/03/03 23:52:36 | 000,005,726 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\wklnhst.dat
    [2011/03/01 17:02:47 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spotify.lnk
    [2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/02/23 15:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/02/23 14:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]
     
  13. warren90

    warren90 TS Rookie Topic Starter

    2nd part:


    ========== Files Created - No Company Name ==========

    [2011/03/14 11:31:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/14 11:31:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/14 11:27:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/14 11:27:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/14 11:27:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/14 11:27:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/14 11:27:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/14 11:25:44 | 004,286,521 | R--- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
    [2011/03/14 11:20:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
    [2011/03/13 23:52:48 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\dds.scr
    [2011/03/13 23:45:42 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
    [2011/03/12 23:25:04 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Ace DivX Player.lnk
    [2011/03/12 23:13:02 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\FLV Player.lnk
    [2011/03/09 19:32:25 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/09 19:12:16 | 000,001,270 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_191215.reg
    [2011/03/09 18:45:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/03/09 18:44:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/03/09 18:11:45 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_181138.reg
    [2011/03/09 18:03:31 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/09 18:03:30 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/09 14:11:35 | 000,007,910 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\My Documents\cc_20110309_141130.reg
    [2011/03/09 14:10:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/03/07 23:54:03 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2011/03/07 23:34:40 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/03/07 20:32:07 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/07 16:21:53 | 001,114,596 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/03/07 16:18:48 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
    [2011/03/07 15:03:50 | 000,000,616 | -H-- | C] () -- C:\aaw7boot.cmd
    [2011/03/05 21:07:26 | 527,892,480 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/05 20:39:42 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\fix.reg
    [2011/03/05 17:57:57 | 000,016,594 | -HS- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
    [2011/03/05 17:56:45 | 000,016,594 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1745090371
    [2011/03/05 17:56:45 | 000,012,692 | -HS- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
    [2011/03/05 17:54:41 | 000,018,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178
    [2011/03/05 17:54:41 | 000,012,692 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1850343178
    [2011/03/01 17:02:47 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Desktop\Spotify.lnk
    [2011/03/01 17:02:45 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Start Menu\Programs\Spotify.lnk
    [2011/02/21 19:04:20 | 000,000,425 | ---- | C] () -- C:\WINDOWS\tot.ord
    [2010/11/16 14:10:05 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Application Data\install
    [2010/05/16 21:28:21 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\fusioncache.dat
    [2010/02/14 19:16:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\prvlcl.dat
    [2009/09/17 18:04:27 | 000,061,348 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/18 18:31:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/06/16 17:02:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/08/28 15:25:12 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/08/28 15:25:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/09/14 17:25:18 | 000,005,726 | ---- | C] () -- C:\Documents and Settings\Michael Lunn\Application Data\wklnhst.dat
    [2007/08/01 10:42:42 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2007/08/01 10:42:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2007/08/01 10:42:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2007/08/01 10:42:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2007/08/01 10:42:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/08/01 10:42:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2007/08/01 10:42:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2007/08/01 10:42:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2007/08/01 10:42:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2007/08/01 10:42:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2007/08/01 10:42:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2007/08/01 10:42:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2007/08/01 10:42:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2007/08/01 10:42:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2007/08/01 10:42:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2007/08/01 10:42:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2007/08/01 10:42:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2007/08/01 10:42:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2007/08/01 10:42:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2007/03/20 18:27:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
    [2007/02/09 18:20:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2006/08/30 14:39:34 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2006/08/30 14:19:24 | 000,126,704 | ---- | C] () -- C:\WINDOWS\Unwise.exe
    [2006/03/17 18:46:13 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/11/24 22:03:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/24 21:56:56 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/11/24 21:56:55 | 000,005,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/11/24 21:55:53 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/24 21:51:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/24 21:47:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/11/24 21:45:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2005/11/24 21:21:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2005/11/24 21:21:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/11/24 21:20:40 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/02 17:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
    [2005/05/12 08:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 12:57:15 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 12:51:20 | 000,445,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 12:51:20 | 000,072,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/07/09 22:43:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

    ========== LOP Check ==========

    [2011/03/09 19:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/12/06 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/04/29 17:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2008/07/13 22:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2011/03/07 23:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/11/20 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/03/09 14:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006/03/03 17:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
    [2010/10/14 14:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
    [2011/03/05 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
    [2011/03/09 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2008/02/28 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2008/08/04 22:13:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
    [2011/03/07 17:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/02/09 17:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/10/14 14:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
    [2009/07/13 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/04/10 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine Lunn\Application Data\MSN Search Toolbar
    [2007/12/15 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Daog
    [2010/12/06 16:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\FireShot
    [2006/08/30 12:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\MSN Search Toolbar
    [2011/03/02 16:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Spotify
    [2011/02/08 22:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Vexel
    [2010/10/14 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Virgin Media
    [2011/03/05 21:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Lunn\Application Data\Wexi
    [2011/03/05 17:43:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/03/15 22:22:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F7660274-59D4-4984-95B2-D388BFC36B20}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/03/07 15:05:07 | 000,000,616 | -H-- | M] () -- C:\aaw7boot.cmd
    [2010/06/14 18:08:09 | 000,016,124 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/06/14 15:59:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/14 11:31:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/15 20:33:35 | 000,015,844 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/24 21:26:26 | 000,005,017 | RH-- | M] () -- C:\dell.sdr
    [2011/03/15 20:38:34 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
    [2008/11/26 19:44:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/24 21:48:37 | 000,000,884 | -H-- | M] () -- C:\IPH.PH
    [2010/06/15 19:24:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2005/11/24 21:42:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/15 20:38:32 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/24 17:06:57 | 000,001,584 | ---- | M] () -- C:\Rescued document.txt
    [2010/06/07 17:41:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/06/09 18:14:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/06/10 00:43:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/06/10 17:52:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/02/21 16:23:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/03/12 14:29:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/03/14 21:21:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/04/03 19:42:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/04/03 23:09:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/04/18 17:56:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/05/03 20:30:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/05/05 18:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/05/06 13:39:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/05/09 20:55:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/05/10 19:15:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/05/12 11:50:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/05/12 19:43:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/05/13 17:26:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/05/15 15:37:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/05/25 16:04:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/06/07 17:41:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/06/09 18:14:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/06/10 00:43:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/06/10 17:52:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/02/21 16:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/03/12 14:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/03/14 21:21:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/04/03 19:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/04/03 23:09:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/04/18 17:56:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/05/03 20:30:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/05/05 18:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/05/06 13:39:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/05/09 20:55:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/05/10 19:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/05/12 11:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/05/12 19:43:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/05/13 17:26:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/05/15 15:37:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/05/25 16:04:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/06/14 19:30:24 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2004/08/10 13:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/08/30 12:39:22 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/05/05 18:38:33 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael Lunn\Desktop\ccsetup231.exe
    [2011/03/14 11:25:41 | 004,286,521 | R--- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\ComboFix.exe
    [2011/03/14 11:20:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\MBRCheck.exe
    [2011/03/15 22:15:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lunn\Desktop\OTL.exe
    [2011/03/07 16:04:19 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\sdasetup_aff.exe
    [2011/03/13 23:45:43 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Michael Lunn\Desktop\t87s0e8h.exe
    [2009/10/29 13:25:15 | 000,866,163 | ---- | M] (Reinhard Nopper ) -- C:\Documents and Settings\Michael Lunn\Desktop\zplotpremiumsetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/08/30 12:39:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
    [2011/03/09 18:32:12 | 000,000,016 | ---- | M] () -- C:\Program Files\Mozilla Firefox\dmlconf.dat

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/02/19 18:32:54 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Cookies\desktop.ini
    [2011/03/15 20:44:31 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2004/10/29 21:56:50 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [11 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 05:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  14. warren90

    warren90 TS Rookie Topic Starter

    OTL Extras logfile created on: 15/03/2011 22:20:07 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Lunn\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    503.00 Mb Total Physical Memory | 255.00 Mb Available Physical Memory | 51.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.77 Gb Total Space | 31.17 Gb Free Space | 44.04% Space Free | Partition Type: NTFS

    Computer Name: DAYNE2 | User Name: Michael Lunn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\igm.exe" -a "%1" %*

    [HKEY_USERS\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "17140:TCP" = 17140:TCP:*:Enabled:spport
    "22557:TCP" = 22557:TCP:*:Enabled:spport
    "20686:TCP" = 20686:TCP:*:Enabled:spport
    "25278:TCP" = 25278:TCP:*:Enabled:spport
    "16053:TCP" = 16053:TCP:*:Enabled:spport

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Virgin Media\HUB\ServicepointService.exe" = C:\Program Files\Virgin Media\HUB\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12760E10-1413-4B35-91F4-7F5EB692B6E9}" = Autograph 3.20 (30-day)
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
    "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50AF9AC4-6E62-405A-A269-C02B70A21E64}" = 944plc32
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
    "{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
    "{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = TOSHIBA Bluetooth Stack for Apache by CSR
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.00.0000
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Ace DivX Player_is1" = Ace DivX Player v2.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler (remove only)
    "Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "FLV Player2.0.25" = FLV Player
    "FLVPlayer" = FLV Player 1.3.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "IPIX ActiveX Viewer" = iPIX ActiveX Viewer
    "LimeWire" = LimeWire 5.1.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
    "Shockwave" = Shockwave
    "SopCast" = SopCast 1.0.1
    "Spotify" = Spotify
    "Startup Delayer" = Startup Delayer v2.5 (build 138)
    "VLC media player" = VLC media player 1.0.1
    "WIC" = Windows Imaging Component
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Z-Plot Premium_is1" = Z-Plot Premium 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/02/2011 15:02:57 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/02/2011 09:18:00 | Computer Name = DAYNE2 | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    shlwapi.dll, version 6.0.2900.3653, fault address 0x0002c4d8.

    Error - 23/02/2011 09:20:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/02/2011 09:20:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 23/02/2011 11:21:31 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/02/2011 11:57:08 | Computer Name = DAYNE2 | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 23/02/2011 13:22:09 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/02/2011 13:22:09 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 23/02/2011 15:27:14 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 23/02/2011 17:30:12 | Computer Name = DAYNE2 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    [ System Events ]
    Error - 15/03/2011 09:38:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7001
    Description = The PDScheduler service depends on the PDEngine service which failed
    to start because of the following error: %%1070

    Error - 15/03/2011 09:38:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
    Description = The PDEngine service terminated unexpectedly. It has done this 1
    time(s).

    Error - 15/03/2011 09:52:48 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30005
    Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
    on
    the same network as the interface with IP address 192.168.0.4. The allocator has
    disabled itself on the interface in order to avoid confusing DHCP clients.

    Error - 15/03/2011 09:52:48 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30009
    Description = The DHCP allocator encountered a network error while attempting to
    reply on IP address 240.49.70.102 to a request from a client. The data is the error
    code.

    Error - 15/03/2011 15:41:46 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7022
    Description = The PDEngine service hung on starting.

    Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7001
    Description = The PDScheduler service depends on the PDEngine service which failed
    to start because of the following error: %%1070

    Error - 15/03/2011 16:41:55 | Computer Name = DAYNE2 | Source = Service Control Manager | ID = 7034
    Description = The PDEngine service terminated unexpectedly. It has done this 1
    time(s).

    Error - 15/03/2011 17:28:17 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30005
    Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
    on
    the same network as the interface with IP address 192.168.0.4. The allocator has
    disabled itself on the interface in order to avoid confusing DHCP clients.

    Error - 15/03/2011 17:28:17 | Computer Name = DAYNE2 | Source = ipnathlp | ID = 30009
    Description = The DHCP allocator encountered a network error while attempting to
    reply on IP address 240.49.70.102 to a request from a client. The data is the error
    code.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      FF - prefs.js..browser.search.defaultengine: "ACPro"
      FF - prefs.js..browser.search.defaultenginename: "ACPro"
      FF - prefs.js..browser.search.order.1: "ACPro"
      FF - prefs.js..browser.search.selectedEngine: "ACPro"
      FF - prefs.js..browser.startup.homepage: "http://search.autocompletepro.com?si=10205"
      FF - prefs.js..keyword.URL: "http://search.autocompletepro.com?si=10205&q="
      IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
      IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10205&bi=400
      IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.autocompletepro.com/?si=10205&bi=400
      IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10205&bi=400
      IE - HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10205&bi=400
      [2011/03/12 23:31:40 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad .com
      [2011/03/12 23:31:40 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
      O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
      O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
      O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - Reg Error: Key error. File not found
      [27 C:\Documents and Settings\Michael Lunn\My Documents\*.tmp files -> C:\Documents and Settings\Michael Lunn\My Documents\*.tmp -> ]
      [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178
      [2011/03/05 20:29:28 | 000,012,692 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1850343178
      [2011/03/05 18:00:14 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1745090371
      [2011/03/05 18:00:13 | 000,016,594 | -HS- | M] () -- C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371
      [2011/03/05 17:54:41 | 000,018,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178
      [2010/12/06 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
      [2010/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2008/07/13 22:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
      [2009/11/20 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
      [2011/03/05 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
      [2007/02/09 17:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. warren90

    warren90 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Prefs.js: "ACPro" removed from browser.search.defaultengine
    Prefs.js: "ACPro" removed from browser.search.defaultenginename
    Prefs.js: "ACPro" removed from browser.search.order.1
    Prefs.js: "ACPro" removed from browser.search.selectedEngine
    Prefs.js: "http://search.autocompletepro.com?si=10205" removed from browser.startup.homepage
    Prefs.js: "http://search.autocompletepro.com?si=10205&q=" removed from keyword.URL
    HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-1825243142-2624455098-1337660762-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
    Folder C:\Documents and Settings\Michael Lunn\Application Data\Mozilla\Firefox\Profiles\8ihyvxt4.default\extensions\support@predictad .com\ not found.
    C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-internet-signup\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A173B69A-1F9B-4823-9FDA-412F641E65D6}\ not found.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0003.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0005.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0025.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0098.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0163.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0171.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0362.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0621.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0638.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL0647.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL1195.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL1669.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL1797.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL1838.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL1846.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL2222.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL2356.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL2428.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL2520.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL2863.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3149.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3304.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3336.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3594.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3900.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3964.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\~WRL3965.tmp deleted successfully.
    C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1850343178 moved successfully.
    C:\Documents and Settings\All Users\Application Data\1850343178 moved successfully.
    C:\Documents and Settings\All Users\Application Data\1745090371 moved successfully.
    C:\Documents and Settings\Michael Lunn\Local Settings\Application Data\1745090371 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\1850343178 moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Kontiki folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\RegInOut folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Michael Lunn
    ->Temp folder emptied: 42238798 bytes
    ->Temporary Internet Files folder emptied: 296088 bytes
    ->Java cache emptied: 3879 bytes
    ->FireFox cache emptied: 16993836 bytes
    ->Google Chrome cache emptied: 520715137 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 5082 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 553.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Michael Lunn
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03152011_235156

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. warren90

    warren90 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    ...and Eset....
     
  19. warren90

    warren90 TS Rookie Topic Starter

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
    C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
    C:\WINDOWS\system32\123.js JS/TrojanDownloader.Agent.NWG trojan
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip 
      C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe 
      C:\i386\GTDownDE_87.ocx 
      C:\WINDOWS\system32\123.js 
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. warren90

    warren90 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip moved successfully.
    C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe moved successfully.
    C:\i386\GTDownDE_87.ocx moved successfully.
    C:\WINDOWS\system32\123.js moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Michael Lunn
    ->Temp folder emptied: 102760 bytes
    ->Temporary Internet Files folder emptied: 97914 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 9984070 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 343 bytes

    User: NetworkService
    ->Temp folder emptied: 936 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18301 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Michael Lunn
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_123126

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
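
One way to confirm that a fix run handled every file named under `:Files`, by comparing the script from post 20 with the log from post 21. This is an added example, not part of the original posts and not part of OTL; the function names are hypothetical, and the log line format is inferred only from the logs shown in this thread.

```python
import re

# Sample input copied from this thread: the fix script (post 20) and the
# FILES section of the resulting log (post 21).
FIX_SCRIPT = r"""
:OTL
:Services
:Reg
:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip
C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe
C:\i386\GTDownDE_87.ocx
C:\WINDOWS\system32\123.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

FIX_LOG = r"""
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropperMaximus.zip moved successfully.
C:\Documents and Settings\Michael Lunn\My Documents\Downloads\registrybooster.exe moved successfully.
C:\i386\GTDownDE_87.ocx moved successfully.
C:\WINDOWS\system32\123.js moved successfully.
========== COMMANDS ==========
"""

# Result lines as they appear in this thread's logs (assumed format):
# "[ADS ]<path>[ folder] moved|deleted successfully."
RESULT = re.compile(r"^(?:ADS )?(.+?)(?: folder)? (moved|deleted) successfully\.$")

def script_targets(script):
    """Return the paths listed under the :Files directive of a fix script."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()      # a new directive starts a new section
        elif section == ":files" and line:
            targets.append(line)
    return targets

def log_results(log):
    """Map each lower-cased path reported in the log to 'moved' or 'deleted'."""
    results = {}
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)   # Windows paths ignore case
    return results

def unconfirmed(script, log):
    """Return script targets with no success line in the log."""
    results = log_results(log)
    return [t for t in script_targets(script) if t.lower() not in results]

if __name__ == "__main__":
    print("unconfirmed targets:", unconfirmed(FIX_SCRIPT, FIX_LOG))
```

Any path returned by `unconfirmed` was requested in the script but has no success line in the log, so it needs a second look before the machine is treated as clean.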
     
  22. warren90

    warren90 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Michael Lunn
    ->Temp folder emptied: 3513 bytes
    ->Temporary Internet Files folder emptied: 71814 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6959138 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Catherine Lunn
    ->Flash cache emptied: 0 bytes

    User: Dayne Lunn

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Michael Lunn
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_123839

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Whenever ready.....
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The issue seems to be resolved.
     
Topic Status:
Not open for further replies.
