Solved Virus aftermath. nothing in startup

I now have things in the start menu. Hooray.
I found I could drag and drop the shortcuts to the start menu by hovering over bits till it opened.

My search engine is also not redirecting now either. Skype has also started working too.
 
Good news :)

However, I still need the OTL.txt log.
What you did was repost my script.
 
OTL file the actual one this time (part 1)

oops....

OTL logfile created on: 14/08/2011 00:21:57 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\David Cross\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.99% Memory free
3.98 Gb Paging File | 2.25 Gb Available in Paging File | 56.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 6.24 Gb Free Space | 8.40% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 33.82 Gb Free Space | 46.19% Space Free | Partition Type: NTFS

Computer Name: DAVIDCROSS-LAP | User Name: David Cross | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/14 00:10:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\David Cross\Downloads\OTL.exe
PRC - [2011/06/24 03:05:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/24 23:03:37 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/07/28 15:14:04 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 14:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/08/14 00:10:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\David Cross\Downloads\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/24 23:03:37 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/20 21:04:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/24 11:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 01:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (PxHelp20)
DRV - [2011/08/13 22:11:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A173613D-DCAF-4A35-823E-A1113DD7C302}\MpKslc519a073.sys -- (MpKslc519a073)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/14 11:02:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/22 17:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 17:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/07/16 13:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/04/09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/12/17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/28 16:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {d2f11d8b-3eb5-4b42-9511-370dbec707fb}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=5e1ef970000000000000002163f516e3&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17393&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.17: C:\Users\David Cross\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/07/28 22:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/13 21:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/13 21:40:30 | 000,000,000 | ---D | M]

[2009/01/19 19:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Extensions
[2011/08/07 22:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions
[2011/06/26 22:59:48 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/05 01:23:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 11:04:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/02 08:57:49 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/06/26 22:59:04 | 000,000,000 | ---D | M] (Oryte Games 1.15 Community Toolbar) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}
[2011/05/13 20:22:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\David Cross\AppData\Roaming\Mozilla\Firefox\Profiles\bypxjwti.default\extensions\engine@conduit.com
[2011/08/10 01:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 23:13:25 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/10 01:39:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\DAVID CROSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYPXJWTI.DEFAULT\EXTENSIONS\{5C655500-E712-41E7-9349-CE462F844B19}.XPI
[2011/06/24 03:05:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/22 22:25:30 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 10:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 10:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/12 23:16:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David Cross\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David Cross\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 23:52:31 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vodafone
[2011/08/13 23:49:18 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\Ulead DMF
[2011/08/13 23:47:46 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\Ulead DVD MovieFactory
[2011/08/13 23:47:10 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Ulead Systems
[2011/08/13 23:42:53 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2011/08/13 23:39:02 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/08/13 23:15:01 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Real
[2011/08/13 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\NeroVision
[2011/08/13 22:21:35 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\Nero
[2011/08/13 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011/08/13 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\myphotobook
[2011/08/13 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\myphotobook
[2011/08/13 21:54:25 | 000,000,000 | ---D | C] -- C:\Users\David Cross\Documents\OneNote Notebooks
[2011/08/13 21:50:37 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/13 21:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/13 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/13 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/13 21:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/13 21:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/13 21:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/13 21:37:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/13 19:50:20 | 000,000,000 | R--D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/13 19:50:19 | 000,000,000 | R--D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/13 19:50:19 | 000,000,000 | R--D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/13 19:50:19 | 000,000,000 | R--D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/13 19:50:19 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/08/12 23:23:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/12 23:23:50 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Local\temp
[2011/08/12 23:16:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/12 22:42:50 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\David Cross\Desktop\ComboFix.exe
[2011/08/12 03:42:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 03:42:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 03:42:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 03:42:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/12 03:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/10 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Roaming\Download Manager
[2011/08/10 02:08:37 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Local\ElevatedDiagnostics
[2011/08/10 01:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/10 01:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/10 00:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/09 23:46:46 | 000,000,000 | ---D | C] -- C:\Users\David Cross\AppData\Local\MigWiz
[2011/08/07 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/14 00:15:08 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 00:15:08 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 00:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/13 21:54:25 | 000,001,116 | ---- | M] () -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/13 21:45:45 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/13 21:40:21 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/13 10:19:37 | 000,618,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/13 10:19:37 | 000,115,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/13 10:15:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 10:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 23:16:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/12 23:01:12 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\David Cross\Desktop\ComboFix.exe
[2011/08/12 03:35:39 | 000,000,512 | ---- | M] () -- C:\Users\David Cross\Desktop\MBR.dat
[2011/08/12 03:30:10 | 000,398,848 | ---- | M] () -- C:\Users\David Cross\Desktop\Project1.mpp
[2011/08/12 01:30:33 | 000,038,202 | ---- | M] () -- C:\Users\David Cross\Desktop\RKUnhookReport
[2011/08/12 01:29:54 | 000,425,984 | ---- | M] () -- C:\Users\David Cross\Desktop\Building Fire Plans.vsd
[2011/08/12 00:20:43 | 000,047,104 | ---- | M] () -- C:\Users\David Cross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 23:21:21 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft® Office SharePoint® Server 2007 Training.lnk
[2011/08/10 23:14:01 | 261,954,124 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/10 23:06:55 | 000,003,063 | ---- | M] () -- C:\Users\David Cross\Desktop\Start Download Manager.html
[2011/08/10 20:34:54 | 004,831,383 | ---- | M] () -- C:\Users\David Cross\Desktop\SharePoint_2010_Walkthrough_Guide.pdf
[2011/08/10 01:43:18 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/09 20:39:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/09 20:29:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/07 23:18:12 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
 
OTL file the actual one this time (part 2)

[2011/08/13 23:42:24 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
[2011/08/13 21:54:25 | 000,001,116 | ---- | C] () -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/13 21:45:45 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/13 21:40:21 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/13 21:37:57 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/13 20:05:20 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/08/13 20:05:20 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/08/13 20:05:20 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/08/13 20:05:20 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/08/13 20:05:20 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/08/13 20:05:19 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/08/13 20:05:19 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/08/13 20:05:19 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/08/13 20:05:19 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/08/13 20:05:19 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/08/13 19:50:19 | 000,000,954 | ---- | C] () -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/13 19:50:19 | 000,000,949 | ---- | C] () -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/08/13 19:50:19 | 000,000,920 | ---- | C] () -- C:\Users\David Cross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/08/12 03:42:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/12 03:42:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/12 03:42:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/12 03:42:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/12 03:42:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/12 03:35:39 | 000,000,512 | ---- | C] () -- C:\Users\David Cross\Desktop\MBR.dat
[2011/08/12 03:30:10 | 000,398,848 | ---- | C] () -- C:\Users\David Cross\Desktop\Project1.mpp
[2011/08/12 01:30:33 | 000,038,202 | ---- | C] () -- C:\Users\David Cross\Desktop\RKUnhookReport
[2011/08/12 01:29:23 | 000,425,984 | ---- | C] () -- C:\Users\David Cross\Desktop\Building Fire Plans.vsd
[2011/08/11 23:21:21 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft® Office SharePoint® Server 2007 Training.lnk
[2011/08/10 20:53:31 | 000,003,063 | ---- | C] () -- C:\Users\David Cross\Desktop\Start Download Manager.html
[2011/08/10 20:34:54 | 004,831,383 | ---- | C] () -- C:\Users\David Cross\Desktop\SharePoint_2010_Walkthrough_Guide.pdf
[2011/08/10 01:43:18 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/10 01:43:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/09 20:39:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/07 23:13:04 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/18 13:41:15 | 261,954,124 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/01 00:31:39 | 000,000,152 | ---- | C] () -- C:\ProgramData\~38657784r
[2011/06/01 00:31:38 | 000,000,136 | ---- | C] () -- C:\ProgramData\~38657784
[2011/06/01 00:31:28 | 000,000,344 | ---- | C] () -- C:\ProgramData\38657784
[2010/11/27 14:13:22 | 000,001,356 | ---- | C] () -- C:\Users\David Cross\AppData\Local\d3d9caps.dat
[2010/08/03 20:53:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/31 22:13:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/07/02 19:47:01 | 000,000,040 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/04/19 22:19:33 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/01 05:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/12/20 19:49:49 | 000,237,364 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/28 22:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/09/25 21:47:01 | 000,170,159 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/08/18 11:54:55 | 000,157,380 | ---- | C] () -- C:\Windows\hpoins27.dat
[2009/08/18 11:54:55 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/17 23:15:16 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/12 19:58:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/12 16:28:21 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/05/12 16:28:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/05/12 16:28:21 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/05/12 16:28:21 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/02/11 00:47:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/11 00:47:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/29 00:33:24 | 000,047,104 | ---- | C] () -- C:\Users\David Cross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 19:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/07 12:37:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 12:37:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 12:37:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 12:37:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 12:37:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 12:37:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 12:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 12:14:47 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 12:14:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 12:14:45 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 12:14:44 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/07 11:27:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,474,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,618,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,115,018 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2011/05/11 19:21:11 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\AnvSoft
[2010/04/14 11:16:35 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Astroburn Pro
[2009/12/10 14:57:40 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Autodesk
[2009/08/17 21:01:19 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/28 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Bytemobile
[2009/11/12 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\CoSoSys
[2010/04/14 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\DAEMON Tools Lite
[2009/07/23 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\funkitron
[2011/01/02 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\GARMIN
[2009/11/19 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\GetRightToGo
[2011/08/13 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\myphotobook
[2010/01/27 01:55:25 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Quo2
[2010/02/01 05:14:18 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Research In Motion
[2009/01/20 11:18:42 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\TOSHIBA
[2011/06/01 23:27:41 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\TrainPlayer
[2011/08/13 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Ulead Systems
[2010/07/28 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\David Cross\AppData\Roaming\Vodafone
[2011/08/12 23:27:47 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/24 23:58:42 | 000,001,160 | ---- | M] () -- C:\bar.emf
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/07 10:09:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/08/12 23:23:49 | 000,020,444 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/02/15 00:38:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/15 00:38:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/13 10:14:59 | 2322,862,080 | -HS- | M] () -- C:\pagefile.sys
[2009/05/12 16:24:32 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2011/06/01 23:46:20 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2011/08/09 20:33:26 | 000,001,413 | ---- | M] () -- C:\serf_conf.txt
[2008/11/19 08:10:08 | 000,000,176 | ---- | M] () -- C:\SWSTAMP.TXT
[2011/08/11 22:46:54 | 000,068,062 | ---- | M] () -- C:\TDSSKiller.2.5.15.0_11.08.2011_22.45.14_log.txt
[2011/08/11 22:58:14 | 000,002,162 | ---- | M] () -- C:\TDSSKiller.2.5.15.0_11.08.2011_22.57.37_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/02/11 23:16:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 11:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
[2007/10/20 19:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/12 23:01:12 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\David Cross\Desktop\ComboFix.exe
[2010/04/14 11:00:53 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Users\David Cross\Desktop\DTLite4356-0091.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/12 18:14:05 | 000,000,402 | -HS- | M] () -- C:\Users\David Cross\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/01 00:31:28 | 000,000,344 | ---- | M] () -- C:\ProgramData\38657784
[2009/06/16 13:25:02 | 000,121,512 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/11/22 19:09:33 | 000,002,944 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/08/09 20:39:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/01 00:31:39 | 000,000,136 | ---- | M] () -- C:\ProgramData\~38657784
[2011/06/01 00:31:39 | 000,000,152 | ---- | M] () -- C:\ProgramData\~38657784r

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2009/02/19 23:34:47 | 000,000,000 | ---D | M](C:\Users\David Cross\Favorites\?!sorted Bookmarks) -- C:\Users\David Cross\Favorites\繐ǃsorted Bookmarks

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
    SRV - File not found [Disabled | Stopped] -- -- (gusvc)
    DRV - File not found [Kernel | Disabled | Running] -- -- (PxHelp20)
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Error: Unable to stop service PxHelp20!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\6E4CF694BD0C45EB96029D6D46941250.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David Cross
->Temp folder emptied: 26057798 bytes
->Temporary Internet Files folder emptied: 549587614 bytes
->Java cache emptied: 3736366 bytes
->FireFox cache emptied: 105270033 bytes
->Flash cache emptied: 264953 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95346 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 23631336 bytes

Total Files Cleaned = 676.00 mb


[EMPTYFLASH]

User: All Users

User: David Cross
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08142011_024218

Files\Folders moved on Reboot...
C:\Users\David Cross\AppData\Local\Temp\VBE\MSForms.exd moved successfully.
File\Folder C:\Users\David Cross\AppData\Local\Temp\~DFBEA1.tmp not found!
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{98E1F855-F169-4565-AC98-396EAF22844E}.tmp moved successfully.
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0EDDD4C2-4ED5-4D7F-B1DD-E6EA8156FF4E}.tmp moved successfully.
File\Folder C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1B5B4AA-FB90-4FD1-A8B2-52B5AC529C13}.tmp not found!
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CFD94776-F0D6-475D-B3DD-92665AD83A0A}.tmp moved successfully.
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D9DBA50A-4665-4204-8639-AFB336D2BABD}.tmp moved successfully.
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DB7866CF-3FBA-44FD-9A29-9DBA888130F8}.tmp moved successfully.
C:\Users\David Cross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FA8CBB65-CFF4-44A2-9A28-96AD81F4B634}.tmp moved successfully.

Registry entries deleted on Reboot...
 
security check

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
 
You can safely uninstall McAfee Security Scan Plus, typical foistware..

Uninstall:
Java(TM) 6 Update 6
Java(TM) 6 Update 7
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David Cross
->Temp folder emptied: 33806 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44692659 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


[EMPTYFLASH]

User: All Users

User: David Cross
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 08142011_070310

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
 
Doing all the updates now, then will restart.

Thanks a million by the way.

I've set up some weekly tasks in my Outlook now to remind me to do all the bits in

"12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html"

with the file location linked in the notes to help me.
 
Those eight important security updates have successfully installed. Hooray!!!!
Everything else seems to be good too, although this

"[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787"

Keeps appearing when the laptop starts up.
 
Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
 
Sorry for the delay, have been uber busy...


http://www.filedropper.com/popup
 
Don't know if this is related to anything, but Word is now showing this http://www.filedropper.com/wordpopup

when I open a document.
 
As for this pop-up:
"[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787"
see here:
http://support.microsoft.com/kb/330132

As for Word issue...
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 