[On-hold] Search engine redirect virus - still there despite 8 steps - router?


jonboysylvan

Hi team

Have search engine redirect virus. Did various sweeps using several scans before finding you. Trend Micro threw up MARIOFEV.X, Malwarebytes a couple of things I forget, ESET threw up Ramnit, Hitman Pro nothing. Still probs with redirects, pop-ups, sites not opening. Then found you. Just done 8 steps. Still same probs. Logs posted below.

Also some possible evidence this is router-related? My wife was first to get this virus last week on work laptop (she works from home). So I assumed it was her putting portable hard drive into my PC that then led to my getting it. But her IT guys at work say they have fully reformatted her PC. She has just opened PC after receiving it back and connected to internet - started getting virus problem again straight away. But hasn't used her hard drive yet.

Anyway, logs here for my PC as prescribed in 8 steps. Please help me/us!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/11/2010 22:57:59
mbam-log-2010-11-25 (22-57-59).txt

Scan type: Quick scan
Objects scanned: 111545
Time elapsed: 15 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 23:09:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L020J1 rev.A93.0500
Running: ln2nd3n3.exe; Driver: C:\DOCUME~1\jon\LOCALS~1\Temp\fwrcypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-11-26.01) - NTFSx86
Run by jon at 23:17:06.69 on 25/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.255.38 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\ddkusqlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-24 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-24 60936]

=============== Created Last 30 ================

2010-11-25 23:09:40 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 22:41:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 22:41:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 22:41:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 21:55:39 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 21:51:59 -------- d-----w- c:\docume~1\jon\applic~1\Avira
2010-11-24 21:38:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 21:38:20 -------- d-----w- c:\program files\Avira
2010-11-24 21:38:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-24 20:48:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 20:48:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 20:45:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-24 03:23:51 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-24 03:23:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 03:23:29 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 03:23:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-24 03:22:28 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-24 03:22:17 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-24 03:21:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-24 03:19:45 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 03:18:54 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-24 03:18:53 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-24 03:18:30 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-24 03:18:30 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-24 03:18:29 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-24 03:18:29 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-24 03:18:29 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-24 03:18:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-24 03:18:25 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-24 03:18:24 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-24 03:17:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-24 03:17:22 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-24 03:17:21 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-24 03:17:20 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-24 03:17:20 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-24 03:15:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-24 03:15:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-24 03:12:45 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-24 03:07:39 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-24 03:07:06 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-24 03:06:38 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-24 03:06:36 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-24 03:06:03 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-24 03:06:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-24 03:00:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-23 23:54:32 -------- d-----w- c:\docume~1\jon\locals~1\applic~1\ESET
2010-11-23 23:11:17 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-11-23 22:59:59 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-23 22:54:55 -------- d-----w- c:\windows\ServicePackFiles
2010-11-23 22:54:48 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-11-23 22:47:01 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-23 22:39:36 -------- d-----w- c:\windows\EHome
2010-11-23 07:36:43 -------- d-----w- c:\windows\system32\PreInstall
2010-11-23 07:36:05 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-22 23:12:58 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 09:49:11 -------- d-----w- c:\docume~1\jon\applic~1\Malwarebytes
2010-11-22 09:47:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-21 18:41:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-21 18:41:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-21 18:40:55 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-21 13:50:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-21 13:34:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-20 22:59:12 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
2010-11-20 22:59:11 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2010-11-20 22:58:48 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-20 22:58:38 -------- d-----w- c:\windows\aqmlk
2010-11-20 22:56:56 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-20 22:50:21 1287768 ----a-w- c:\windows\hpzshl01.exe
2010-11-20 22:50:19 1140312 ----a-w- c:\windows\hpzmsi01.exe
2010-11-20 22:32:05 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-11-20 22:31:34 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-11-20 22:31:34 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-11-20 22:31:34 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-11-20 22:31:34 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-11-20 22:31:34 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-11-20 22:31:32 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-11-20 22:30:14 -------- d-----w- c:\program files\HP
2010-11-20 22:14:39 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-20 22:14:39 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-20 22:11:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-20 22:11:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-09 12:35:09 -------- d-----w- c:\program files\Freeciv-2.2.3-gtk2

==================== Find3M ====================

2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec
2010-09-04 12:37:35 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2005-06-20 16:39:35 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe

============= FINISH: 23:18:30.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/06/2005 21:12:22
System Uptime: 25/11/2010 22:30:22 (1 hours ago)

Motherboard: | | 8363-686A
Processor: AMD Duron(tm) processor | Slot A | 802/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 3.874 GiB free.
D: is FIXED (NTFS) - 4 GiB total, 3.484 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP864: 23/11/2010 23:17:08 - Installed ESET NOD32 Antivirus
RP865: 24/11/2010 03:00:33 - Software Distribution Service 3.0
RP866: 24/11/2010 08:58:05 - Software Distribution Service 3.0
RP867: 24/11/2010 09:26:30 - Installed Windows XP WgaNotify.
RP868: 24/11/2010 20:40:03 - Removed ESET NOD32 Antivirus
RP869: 25/11/2010 03:01:40 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Adobe SVG Viewer 3.0
AiO_Scan
AutoUpdate
Avira AntiVir Personal - Free Antivirus
DivX
DivX Player
Enterprise
Freeciv 2.2.3 (GTK+ client)
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
HP PSC & Officejet 4.2 Corporate Edition
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft Office XP Professional
Microsoft Visual C Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MS Access 97 SP2
Nero 6 Ultra Edition
PowerDVD
QFolder
RealPlayer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spotify
Symantec Network Drivers Update
Total Commander (Remove or Repair)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3
WinRAR archiver
WinZip

==== Event Viewer Messages From Past Week ========

25/11/2010 09:15:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
25/11/2010 08:11:25, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
23/11/2010 23:11:46, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
23/11/2010 23:11:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
23/11/2010 19:37:09, error: Service Control Manager [7023] - The Windows Installer service terminated with the following error: Overlapped I/O operation is in progress.
23/11/2010 19:23:15, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
23/11/2010 19:23:15, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\aavm4h.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:15, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashBase.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:13:34, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastSvc.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:13:26, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashQuick.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:12:42, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
23/11/2010 19:11:03, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswCmnBS.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:10:52, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswScan.dll. Reference error message: The operation completed successfully. .
23/11/2010 16:55:21, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
23/11/2010 16:55:21, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/11/2010 18:06:41, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\redist.dll. Reference error message: The operation completed successfully. .
21/11/2010 17:53:24, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\setup.exe. Reference error message: The operation completed successfully. .

==== End Of File ===========================
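The DDS "Created Last 30" and "Find3M" sections above follow a fixed layout (timestamp, size or dashes for a directory, an 8-letter attribute string, path). As an added example that is not part of this thread or of DDS itself, the parser below reads those lines and lists entries a helper would normally look at first: files carrying both the hidden and system bits, and executables created under a user profile or Temp folder. The attribute-letter meanings are read off the log and assumed; the sample input is taken from the log above plus one constructed line.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Layout as it appears in the DDS log:
#   <YYYY-MM-DD HH:MM:SS> <size in bytes | -------- for a directory> <8-char attrs> <path>
# Attribute letters seen in the log: d=directory, c=compressed, s=system, h=hidden,
# a=archive, w=writable. Reading them this way is an assumption made for this example.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# A hit on either rule is a prompt to verify the file (publisher, hash), not a verdict.
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
USER_WRITABLE_HINTS = (
    "\\docume~1\\", "\\documents and settings\\",
    "\\locals~1\\temp\\", "\\local settings\\temp\\",
)

# Lines copied from the DDS log in this thread, plus one constructed entry
# (example.exe) so that the second rule has something to match.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-11-25 23:09:40 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 22:41:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 03:23:51 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-22 23:12:58 -------- d--h--w- c:\windows\$hf_mig$
2010-11-23 23:54:32 -------- d-----w- c:\docume~1\jon\locals~1\applic~1\ESET
2010-09-04 12:37:35 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-25 22:00:00 51200 ----a-w- c:\docume~1\jon\locals~1\temp\example.exe
"""


@dataclass
class DdsEntry:
    timestamp: datetime
    size: Optional[int]   # None for directory entries (size column is --------)
    attrs: str
    path: str             # lower-cased for case-insensitive matching

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_system(self) -> bool:
        return "s" in self.attrs


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Parse file/directory lines from DDS 'Created Last 30' or 'Find3M' sections.

    Section headers, blank lines and anything else not matching the layout are
    skipped, so a whole DDS log can be fed in unchanged.
    """
    entries: List[DdsEntry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(DdsEntry(
            timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=size,
            attrs=m["attrs"],
            path=m["path"].lower(),
        ))
    return entries


def flag_for_review(entries: List[DdsEntry]) -> List[Tuple[DdsEntry, str]]:
    """Return (entry, reason) pairs worth checking by hand.

    Rule 1: a file (not a directory) with both the system and hidden bits set.
            Legitimate software such as licensing drivers does this too, so the
            follow-up is to confirm the file's publisher and hash.
    Rule 2: an executable-type file created under a user profile or Temp
            directory, a location where few installers leave binaries behind.
    """
    flagged: List[Tuple[DdsEntry, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        if e.is_hidden and e.is_system:
            flagged.append((e, "hidden+system file"))
        elif e.path.endswith(EXECUTABLE_EXTS) and any(h in e.path for h in USER_WRITABLE_HINTS):
            flagged.append((e, "executable in user-writable location"))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_for_review(parse_dds_entries(SAMPLE_LOG)):
        print(f"{entry.timestamp:%Y-%m-%d %H:%M}  {entry.attrs}  {entry.path}  <- {reason}")
```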
 
Welcome aboard


ESET threw up Ramnit
This is bad news, because, unfortunately, Ramnit is not curable.

Let's see...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
ESET found nothing

Thanks for looking into this

ESET online scan found nothing. Said no files infected. Didn't seem to generate a list of search results or a report, only button I could see was 'finish'.

p.s. last time when I found stuff I downloaded ESET NOD

Not curable. Ouch. What next?
 
Maybe it was a false alarm. We'll keep checking.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Quick q re combofix

Broni

MBR report is below.

Quick q re combofix.exe - don't want to do it wrong - when I download it, it will not give me the option to save directly to my desktop. There is a save button and if I click it, it will start downloading into C:\My Documents\Downloads. Is it OK for me to download it to there and then cut and paste it onto the desktop?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF9D71000 \WINDOWS\system32\KDCOM.DLL
0xF9C81000 \WINDOWS\system32\BOOTVID.dll
0xF9822000 ACPI.sys
0xF9D73000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF9811000 pci.sys
0xF9871000 isapnp.sys
0xF9D75000 viaide.sys
0xF9AF1000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF9881000 MountMgr.sys
0xF97F2000 ftdisk.sys
0xF9D77000 dmload.sys
0xF97CC000 dmio.sys
0xF9AF9000 PartMgr.sys
0xF9891000 VolSnap.sys
0xF97B4000 atapi.sys
0xF98A1000 disk.sys
0xF98B1000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF9794000 fltmgr.sys
0xF9782000 sr.sys
0xF976B000 KSecDD.sys
0xF96DE000 Ntfs.sys
0xF96B1000 NDIS.sys
0xF98C1000 viaagp.sys
0xF9697000 Mup.sys
0xF9A01000 \SystemRoot\System32\DRIVERS\processr.sys
0xF947F000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF946B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF9A11000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF9A21000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF9A31000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF9448000 \SystemRoot\System32\DRIVERS\ks.sys
0xF9B51000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF9424000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF940F000 \SystemRoot\system32\drivers\ac97via.sys
0xF93CD000 \SystemRoot\system32\drivers\portcls.sys
0xF9A41000 \SystemRoot\system32\drivers\drmk.sys
0xF9397000 \SystemRoot\System32\DRIVERS\HSFBS2S2.sys
0xF9298000 \SystemRoot\System32\DRIVERS\HSFDPSP2.sys
0xF91F0000 \SystemRoot\System32\DRIVERS\HSFCXTS2.sys
0xF9B59000 \SystemRoot\System32\Drivers\Modem.SYS
0xF9A51000 \SystemRoot\System32\DRIVERS\AN983.sys
0xF9B61000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF9A61000 \SystemRoot\System32\DRIVERS\serial.sys
0xF9D1D000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF91DC000 \SystemRoot\System32\DRIVERS\parport.sys
0xF9A71000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF9B69000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF9F86000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF9A81000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9D21000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF91C5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF9A91000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF9AA1000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF9B71000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF91B4000 \SystemRoot\System32\DRIVERS\psched.sys
0xF9AB1000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF9B81000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9B89000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF90E4000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF9AE1000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF9B91000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9D93000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF905E000 \SystemRoot\System32\DRIVERS\update.sys
0xF9D51000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF98F1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF9921000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF9DA5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF9657000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF9653000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF9BA1000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF9DB5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9EC3000 \SystemRoot\System32\Drivers\Null.SYS
0xF9DB7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF9BC1000 \SystemRoot\System32\drivers\vga.sys
0xF9DB9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9DBB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF9BC9000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9BD1000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF9D11000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF7F03000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF7EAA000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF7E6A000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xF7E42000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF9D35000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF7E20000 \SystemRoot\System32\drivers\afd.sys
0xF9961000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF9BD9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF7DF5000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF7D85000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF9971000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7D5F000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF9981000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7D3C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF9DBF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF9D3D000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF99A1000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF9BE1000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF9D49000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF99B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7CFC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9DC1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7F56000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9BE9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9F14000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xF6CEF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF6CD7000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF6192000 \SystemRoot\system32\drivers\wdmaud.sys
0xF9114000 \SystemRoot\system32\drivers\sysaudio.sys
0xF5F7F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF9D9B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF6337000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xF5EE8000 \SystemRoot\System32\DRIVERS\HSF_FALL.sys
0xF5ECB000 \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
0xF5E6B000 \SystemRoot\System32\DRIVERS\HSF_K56K.sys
0xF6263000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF62E7000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF5DC3000 \SystemRoot\System32\DRIVERS\srv.sys
0xF5CCA000 \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
0xF6217000 \SystemRoot\System32\DRIVERS\HSF_TONE.sys
0xF5C52000 \SystemRoot\System32\DRIVERS\HSF_V124.sys
0xF5E43000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xF9DDD000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xF62C7000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xF5B61000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xF9B31000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xF59B8000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
420 C:\WINDOWS\system32\smss.exe
484 csrss.exe
508 C:\WINDOWS\system32\winlogon.exe
552 C:\WINDOWS\system32\services.exe
564 C:\WINDOWS\system32\lsass.exe
732 C:\WINDOWS\system32\svchost.exe
788 svchost.exe
856 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
968 svchost.exe
1264 C:\WINDOWS\system32\WgaTray.exe
1296 C:\WINDOWS\explorer.exe
1312 C:\WINDOWS\system32\ctfmon.exe
1340 C:\WINDOWS\system32\spoolsv.exe
1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1964 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1976 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2028 svchost.exe
692 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
848 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1020 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
1064 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2068 alg.exe
2204 C:\WINDOWS\system32\wuauclt.exe
2352 C:\Program Files\Mozilla Firefox\firefox.exe
3144 C:\Documents and Settings\jon\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`a9636e00 (NTFS)

PhysicalDrive0 Model Number: MAXTOR6L020J1, Rev: A93.0500

Size Device Name MBR Status
--------------------------------------------
19 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

J
 
ComboFix log

ComboFix 10-11-25.06 - jon 26/11/2010 18:20:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.255.137 [GMT 0:00]
Running from: c:\documents and settings\jon\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fxe.sp
c:\windows\ynh.dx

.
((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 06:14 . 2010-11-26 06:14 -------- d-----w- c:\program files\ESET
2010-11-25 23:09 . 2010-11-25 23:09 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 22:41 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 22:41 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 22:41 . 2010-11-25 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 22:13 . 2010-11-25 22:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2010-11-25 21:01 . 2010-11-25 21:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-24 21:55 . 2010-11-25 22:04 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 21:51 . 2010-11-24 21:51 -------- d-----w- c:\documents and settings\jon\Application Data\Avira
2010-11-24 21:38 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 21:38 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 21:38 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-24 21:38 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-24 21:38 . 2010-11-24 21:38 -------- d-----w- c:\program files\Avira
2010-11-24 21:38 . 2010-11-24 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-24 20:48 . 2010-11-24 20:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 20:48 . 2010-11-24 20:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 20:45 . 2010-11-24 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-24 03:23 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-24 03:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 03:23 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 03:23 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-24 03:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-24 03:22 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-24 03:21 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-24 03:19 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 03:18 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-24 03:18 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-24 03:18 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-24 03:18 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-24 03:18 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-24 03:18 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-24 03:18 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-24 03:18 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-24 03:18 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-24 03:18 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-24 03:17 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-24 03:17 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-24 03:17 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-24 03:17 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-24 03:17 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-24 03:15 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-24 03:15 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-24 03:12 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-24 03:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-24 03:07 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-24 03:06 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-24 03:06 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-24 03:06 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-24 03:06 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-24 03:00 . 2010-11-24 03:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-24 00:28 . 2010-11-24 00:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-11-23 23:54 . 2010-11-23 23:54 -------- d-----w- c:\documents and settings\jon\Local Settings\Application Data\ESET
2010-11-23 23:11 . 2010-11-23 23:14 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-11-23 22:59 . 2008-04-14 05:42 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-23 22:54 . 2010-11-23 23:00 -------- d-----w- c:\windows\ServicePackFiles
2010-11-23 22:54 . 2008-04-14 05:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-11-23 22:39 . 2010-11-23 22:39 -------- d-----w- c:\windows\EHome
2010-11-23 07:36 . 2007-07-27 23:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-22 23:12 . 2010-11-24 16:56 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 09:49 . 2010-11-22 09:49 -------- d-----w- c:\documents and settings\jon\Application Data\Malwarebytes
2010-11-22 09:47 . 2010-11-22 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-21 18:41 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-21 13:50 . 2010-11-23 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-21 13:34 . 2010-11-21 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-20 22:59 . 2010-11-20 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-11-20 22:59 . 2007-06-27 12:04 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5k2.dll
2010-11-20 22:59 . 2007-06-27 12:06 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2010-11-20 22:58 . 2007-05-21 17:47 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-20 22:58 . 2010-11-20 22:58 -------- d-----w- c:\windows\aqmlk
2010-11-20 22:56 . 2008-04-14 00:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-20 22:50 . 2007-05-21 17:41 1287768 ----a-w- c:\windows\hpzshl01.exe
2010-11-20 22:50 . 2007-05-21 17:45 1140312 ----a-w- c:\windows\hpzmsi01.exe
2010-11-20 22:32 . 2010-11-20 22:32 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-20 22:31 . 2004-03-18 16:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-11-20 22:31 . 2004-03-18 16:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-11-20 22:31 . 2004-03-18 16:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-11-20 22:31 . 2004-03-18 16:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-11-20 22:31 . 2004-03-18 16:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-11-20 22:31 . 2004-03-18 16:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-11-20 22:30 . 2010-11-20 22:31 -------- d-----w- c:\program files\HP
2010-11-20 22:14 . 2009-08-26 22:41 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-20 22:14 . 2009-08-26 22:41 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-20 22:11 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-20 22:11 . 2008-04-14 00:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-09 12:35 . 2010-11-18 20:49 -------- d-----w- c:\program files\Freeciv-2.2.3-gtk2
2010-10-31 15:51 . 2010-10-31 15:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-10-29 08:52 . 2010-10-29 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 12:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2002-08-29 03:41 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2001-08-23 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-01 11:51 . 2001-08-23 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2002-08-29 02:14 1852800 ----a-w- c:\windows\system32\win32k.sys
2005-06-20 16:39 . 2005-06-20 16:32 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-05 180269]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2005-10-24 15:53 307200 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/11/2010 21:38 135336]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-26 18:33:50
ComboFix-quarantined-files.txt 2010-11-26 18:33

Pre-Run: 3,940,069,376 bytes free
Post-Run: 3,913,617,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 64FFED41218AFB4F3E8367C0CE317C8F
 
ComboFix log looks clean now :)

How is the redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
First part of OTL log (rest plus Extras log in following post).

Still redirecting, I'm afraid.

OTL logfile created on: 28/11/2010 23:09:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 44.00% Memory free
620.00 Mb Paging File | 346.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.65 Gb Free Space | 24.90% Space Free | Partition Type: NTFS
Drive D: | 4.48 Gb Total Space | 3.48 Gb Free Space | 77.75% Space Free | Partition Type: NTFS

Computer Name: JONATHAN | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/05 16:53:39 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/04/05 10:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2005/04/05 10:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081108.002\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jon\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2002/08/28 23:00:56 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [1997/12/23 01:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 18:50:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:50:29 | 000,000,000 | ---D | M]

[2008/08/17 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Extensions
[2010/11/26 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\extensions
[2010/03/15 19:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\extensions\zotero@chnm.gmu.edu
[2010/10/24 09:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/26 18:29:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/08 20:07:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 22:58:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
[2010/11/26 18:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/26 18:19:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 18:16:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 18:16:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 18:16:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 18:16:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 18:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/26 18:15:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 06:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/25 23:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/11/25 22:41:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/25 22:41:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/25 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2010/11/25 21:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/25 21:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/25 21:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/24 21:55:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/24 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Application Data\Avira
[2010/11/24 21:38:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/11/24 21:38:30 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/24 21:38:30 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/24 21:38:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/11/24 21:38:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/11/24 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/24 21:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/24 20:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/24 20:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/24 03:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/24 00:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/11/23 23:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Local Settings\Application Data\ESET
[2010/11/23 23:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/23 22:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/23 22:59:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/11/23 22:59:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/23 22:59:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/23 22:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/23 22:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/23 22:47:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/23 22:39:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/23 22:39:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/11/23 07:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/22 23:12:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/11/22 09:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Application Data\Malwarebytes
[2010/11/22 09:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/21 18:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/21 13:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/21 13:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/20 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/11/20 22:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\aqmlk
[2010/11/20 22:56:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/20 22:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/11/20 22:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/11/09 12:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.2.3-gtk2
[2010/10/31 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2005/06/20 16:32:15 | 020,798,256 | ---- | C] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe

========== Files - Modified Within 30 Days ==========

[2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
[2010/11/28 22:54:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/28 22:51:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/28 22:51:50 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/26 18:29:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/26 18:19:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/26 18:14:11 | 003,909,115 | R--- | M] () -- C:\Documents and Settings\jon\Desktop\ComboFix.exe
[2010/11/25 23:20:22 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\virus log so far.doc
[2010/11/25 22:41:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/25 03:36:42 | 000,312,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/25 03:36:42 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/25 03:13:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/24 21:39:16 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/24 20:48:18 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/24 20:48:16 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/11/24 09:17:28 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/23 23:15:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/23 23:12:34 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/23 23:03:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/23 22:50:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/23 22:50:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/23 19:23:24 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/22 09:49:56 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\screen print.doc
[2010/11/21 18:12:07 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jon\Local Settings\Application Data\housecall.guid.cache
[2010/11/20 22:33:24 | 000,102,006 | ---- | M] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/11/20 22:33:24 | 000,102,006 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/11/18 20:49:00 | 000,006,870 | ---- | M] () -- C:\Documents and Settings\jon\Application Data\.freeciv-client-rc-2.2
[2010/11/17 09:29:00 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\jon\Desktop\BlackRock proposal draft 5.doc
[2010/11/12 11:02:00 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\BlackRock proposal draft 3.doc
[2010/11/09 22:01:05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\milestones.xls
[2010/11/08 06:52:29 | 001,756,454 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\AVIVA%20Policy%20Wording.pdf
[2010/11/08 06:52:10 | 000,376,849 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\cert%20for%2099%20sylvan%20ave%2014.07.10.pdf
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 21:40:51 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\Maintain a continued relationship with the customer.doc
[2010/11/01 20:18:24 | 000,199,434 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\Malaga BoardingPass.pdf
[2010/10/30 17:59:36 | 000,045,186 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

========== Files Created - No Company Name ==========

[2010/11/26 18:19:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/26 18:19:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 18:16:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 18:16:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 18:16:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 18:16:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 18:16:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 18:14:11 | 003,909,115 | R--- | C] () -- C:\Documents and Settings\jon\Desktop\ComboFix.exe
[2010/11/25 23:02:56 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\virus log so far.doc
[2010/11/25 22:41:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/24 21:39:15 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/24 20:48:18 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/24 20:48:16 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/11/23 23:11:49 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/23 23:00:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/23 23:00:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/23 23:00:51 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/23 23:00:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/23 23:00:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/23 23:00:51 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/23 23:00:51 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/23 23:00:51 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/23 23:00:51 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/23 23:00:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/23 23:00:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/23 23:00:50 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/23 23:00:50 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/23 23:00:50 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/23 23:00:50 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/23 23:00:49 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/23 23:00:49 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/11/23 23:00:49 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/23 23:00:49 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/23 23:00:49 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/23 23:00:48 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/23 23:00:48 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/23 23:00:48 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/23 23:00:48 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/11/23 23:00:48 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/23 23:00:48 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/23 23:00:48 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/23 23:00:48 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/23 23:00:48 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/23 23:00:48 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/23 23:00:48 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/23 23:00:48 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/23 23:00:48 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/23 23:00:48 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/23 23:00:48 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/23 23:00:48 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/23 23:00:48 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/23 23:00:48 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/23 23:00:48 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/23 23:00:48 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/23 23:00:48 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/23 23:00:48 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/23 23:00:48 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/23 23:00:48 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/23 23:00:48 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/23 23:00:48 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/23 23:00:47 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/23 23:00:47 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/23 23:00:47 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/23 23:00:47 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/23 23:00:47 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/23 23:00:47 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/23 23:00:47 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/23 23:00:47 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/23 23:00:47 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/23 23:00:47 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/23 23:00:47 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/23 23:00:47 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/23 23:00:47 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/23 23:00:47 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/23 23:00:47 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/23 23:00:47 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/23 23:00:47 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/23 23:00:47 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/23 23:00:46 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/23 23:00:46 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/23 23:00:46 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/23 23:00:46 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/23 23:00:46 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/23 23:00:45 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/23 23:00:45 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/11/23 23:00:45 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/23 23:00:45 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/23 23:00:45 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/23 23:00:45 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/23 23:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/23 23:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/23 23:00:45 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/23 23:00:45 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/23 23:00:45 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/23 23:00:25 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010/11/23 23:00:25 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2010/11/23 23:00:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2010/11/23 22:50:38 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/23 22:50:38 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/23 22:50:36 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/22 09:49:56 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\screen print.doc
[2010/11/21 18:12:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jon\Local Settings\Application Data\housecall.guid.cache
[2010/11/20 22:58:27 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/20 22:50:06 | 000,009,847 | ---- | C] () -- C:\WINDOWS\hpwscr12.dat
[2010/11/20 22:38:48 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/11/20 22:38:48 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/11/20 22:28:51 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/11/20 22:28:49 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/11/20 22:28:49 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/11/17 08:02:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\jon\Desktop\BlackRock proposal draft 5.doc
[2010/11/12 09:18:09 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\BlackRock proposal draft 3.doc
[2010/11/09 14:01:18 | 000,006,870 | ---- | C] () -- C:\Documents and Settings\jon\Application Data\.freeciv-client-rc-2.2
[2010/11/09 11:08:54 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\milestones.xls
[2010/11/08 06:52:28 | 001,756,454 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\AVIVA%20Policy%20Wording.pdf
[2010/11/08 06:52:10 | 000,376,849 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\cert%20for%2099%20sylvan%20ave%2014.07.10.pdf
[2010/11/05 21:40:50 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\Maintain a continued relationship with the customer.doc
[2010/11/01 20:18:24 | 000,199,434 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\Malaga BoardingPass.pdf
[2010/09/15 13:34:52 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2010/09/09 19:12:20 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/01/25 12:46:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/02 07:25:31 | 000,007,458 | ---- | C] () -- C:\Documents and Settings\jon\Application Data\.civclientrc
[2008/05/08 17:56:18 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2006/11/16 12:08:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\TRAYHOOK.DLL
[2006/05/14 14:35:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2006/02/16 09:35:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/11 10:00:16 | 000,045,186 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/08 21:35:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/08 21:32:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/06/08 21:25:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/08 21:24:03 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/06/08 21:01:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/08 20:41:53 | 000,000,635 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/07/12 21:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/23 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/10 20:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/11/02 09:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/11 08:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/24 20:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/21 13:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/09 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/30 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/18 20:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\.freeciv
[2008/11/02 07:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\.ggz
[2010/06/27 11:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/09/09 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Carambis
[2008/12/22 06:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\PCToolsFirewallPlus
[2008/12/22 06:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\PCToolsSpamMonitorPlus
[2008/01/14 19:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Sports Interactive
[2010/11/25 17:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Spotify
[2008/12/09 15:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\TSO
[2008/11/02 09:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\VCOM

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/29 14:27:12 | 000,005,527 | ---- | M] () -- C:\aoedoppl.txt
[2008/11/29 14:27:24 | 000,002,960 | ---- | M] () -- C:\aoeWVlog.txt
[2005/06/08 20:07:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/23 23:03:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/26 18:19:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/15 13:37:23 | 000,004,802 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/26 18:33:51 | 000,013,146 | ---- | M] () -- C:\ComboFix.txt
[2005/06/08 20:07:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/28 22:51:50 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2005/06/08 20:07:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/06/08 20:07:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/23 22:50:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/23 22:50:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/28 22:51:49 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2008/10/21 13:50:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/21 14:50:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/21 15:21:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/23 17:11:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/25 13:35:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/29 18:07:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/01 12:41:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/08/03 09:10:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/08/05 21:02:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/08/06 07:45:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/08/06 21:28:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/08/07 04:42:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/08/07 06:42:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/08/07 16:26:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/19 13:12:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/10/19 13:22:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/10/19 18:48:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/10/20 07:54:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/10/21 09:05:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/21 09:28:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/10/21 13:50:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/21 14:50:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/21 15:21:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/23 17:11:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/25 13:35:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/29 18:07:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/11/01 12:41:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/08/03 09:10:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/08/05 21:02:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/08/06 07:45:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/08/06 21:28:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/08/07 04:42:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/08/07 06:42:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/08/07 16:26:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/19 13:12:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/19 13:22:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/10/19 18:48:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/10/20 07:54:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/10/21 09:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/21 09:28:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/06/08 20:07:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k2.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2005/06/20 16:39:35 | 020,798,256 | ---- | M] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe
[2008/05/08 17:56:40 | 000,000,560 | ---- | M] () -- C:\Program Files\Global.sw

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/06/08 20:59:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/08 20:59:13 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/08 20:59:13 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/11/23 23:02:17 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/23 23:13:11 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/06/08 20:15:21 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/26 18:14:11 | 003,909,115 | R--- | M] () -- C:\Documents and Settings\jon\Desktop\ComboFix.exe
[2009/10/25 23:07:57 | 000,570,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jon\Desktop\googleupdatesetup.exe
[2008/12/22 07:30:13 | 001,851,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\jon\Desktop\install_flash_player.exe
[2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
[2008/12/29 21:54:56 | 010,024,504 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jon\Desktop\picasa3-setup.exe
[2010/01/03 12:06:25 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\jon\Desktop\QuickTimeInstaller.exe
[2008/12/22 07:24:10 | 006,762,760 | ---- | M] (Mozilla) -- C:\Documents and Settings\jon\Desktop\Thunderbird Setup 2.0.0.18.exe
[2009/01/30 14:23:53 | 000,898,416 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jon\Desktop\WGAPluginInstall(2).exe
[2009/01/30 14:27:10 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jon\Desktop\wmpfirefoxplugin.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >
[2008/05/08 17:56:40 | 000,000,560 | -H-- | M] () -- C:\WINDOWS\Config\desktop.idf

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >


to be continued...
 
rest of OTL log plus Extras log

[2010/11/23 23:13:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\jon\Favorites\Desktop.ini
[2007/03/12 08:41:45 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\jon\Favorites\Play other Games.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/28 22:52:59 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\jon\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/20 20:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 11:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/20 20:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/20 20:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/20 20:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1997/12/23 00:23:36 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE3BDCE7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

EXTRAS LOG reads

OTL Extras logfile created on: 28/11/2010 23:09:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 44.00% Memory free
620.00 Mb Paging File | 346.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.65 Gb Free Space | 24.90% Space Free | Partition Type: NTFS
Drive D: | 4.48 Gb Total Space | 3.48 Gb Free Space | 77.75% Space Free | Partition Type: NTFS

Computer Name: JONATHAN | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Freeciv-2.2.3-gtk2" = Freeciv 2.2.3 (GTK+ client)
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MS Access 97 SP2" = MS Access 97 SP2
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"Totalcmd" = Total Commander (Remove or Repair)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/11/2010 05:54:05 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2010 05:54:30 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2010 05:54:37 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2010 05:54:48 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2010 05:55:44 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2010 05:56:32 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 10.0.2623.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2010 15:55:15 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2010 16:08:38 | Computer Name = JONATHAN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2010 18:52:09 | Computer Name = JONATHAN | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 24/11/2010 19:41:57 | Computer Name = JONATHAN | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

[ System Events ]
Error - 25/11/2010 04:11:25 | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7022
Description = The Avira AntiVir Guard service hung on starting.

Error - 25/11/2010 05:15:09 | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirSchedulerService service.

Error - 25/11/2010 18:24:39 | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7034
Description = The Symantec Network Drivers Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 25/11/2010 18:30:53 | Computer Name = JONATHAN | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 25/11/2010 18:31:10 | Computer Name = JONATHAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 26/11/2010 13:39:57 | Computer Name = JONATHAN | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 26/11/2010 13:39:57 | Computer Name = JONATHAN | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 28/11/2010 18:52:21 | Computer Name = JONATHAN | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 28/11/2010 18:52:21 | Computer Name = JONATHAN | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 28/11/2010 18:54:28 | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7022
Description = The Avira AntiVir Guard service hung on starting.


< End of report >
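Added example, not from this thread and not part of OTL or any of its authors' tooling: a Python script that reads log lines in the formats posted above and flags the items a helper scans for by eye. It picks out SRV/DRV entries marked "File not found" (orphaned registrations like SYMIDSCO and catchme.sys above, which are normally leftovers of an uninstalled product or of an anti-rootkit scanner already run), alternate data streams such as the four TEMP:xxxxxxxx entries, executables under %SystemRoot% with an empty vendor field, shell-spawning handlers that differ from the stock `"%1" %*` or point at a program that no longer exists (the `https [open]` line above), and registry values from the Extras log such as `"EnableFirewall" = 0`, which means the XP firewall is off for the Standard profile this PC uses while the Security Center Monitoring keys list no other firewall product. The severities, the sample lines, and the `noname.dll` and `wrap.exe` names are constructed for the example; a hit is a pointer to look closer, not a verdict.

```python
"""Triage of OTL / OTL Extras log lines (added example, not OTL's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line formats observed in OTL output.
# [PRC|MOD|SRV|DRV - ][date | size | attrs | M] (Company) [Start | State] -- path -- (Name)
FILE_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]+)\)(?: .*)?)?$"
)
# SRV|DRV - File not found [State] -- path -- (Name)
NOTFOUND_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
REG_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>\S+)$')
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

# Shell-spawning commands that are exactly this on a clean XP install.
CLEAN_SHELL = {(c, "open"): '"%1" %*' for c in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}
SYSTEM_ROOT = "c:\\windows\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium": an assumed two-step scale, not an OTL concept
    reason: str
    line: str


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    if m := NOTFOUND_RE.match(line):
        return Finding("medium", f"orphaned {m['kind']} registration {m['svc']} points at a missing file", line)
    if m := ADS_RE.match(line):
        return Finding("medium", f"alternate data stream ({m['bytes']} bytes) attached to {m['path']}", line)
    if m := REG_RE.match(line):
        name, value = m["name"], m["value"]
        if name == "EnableFirewall" and value == "0":
            return Finding("high", "Windows Firewall disabled for this profile", line)
        if name == "DisableSR" and value == "1":
            return Finding("medium", "System Restore disabled", line)
        if name.endswith("DisableNotify") and value == "1":
            return Finding("medium", f"Security Center warning suppressed: {name}", line)
        return None
    if m := SHELL_RE.match(line):
        key, cmd = (m["cls"], m["verb"]), m["cmd"]
        if key in CLEAN_SHELL and cmd != CLEAN_SHELL[key]:
            # Anything of that file class is launched through the replacement command.
            return Finding("high", f"{m['cls']} [{m['verb']}] handler is not the stock command", line)
        if cmd.endswith("File not found"):
            return Finding("medium", f"{m['cls']} [{m['verb']}] handler points at a program that no longer exists", line)
        return None
    if m := FILE_RE.match(line):
        path = m["path"].lower()
        if not m["company"] and path.startswith(SYSTEM_ROOT) and path.endswith(EXEC_EXT):
            return Finding("high", "executable under %SystemRoot% carries no vendor name", line)
        return None
    return None


def triage(log: str) -> list[Finding]:
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(ln) for ln in log.splitlines()) if f]


def summary(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample modelled on the line formats in the logs above. The
# noname.dll line and the batfile handler are made up to give the checks a
# positive case; they are not from the machine in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jon\LOCALS~1\Temp\catchme.sys -- (catchme)
[2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2010/11/20 03:14:07 | 000,041,472 | ---- | M] () -- C:\WINDOWS\system32\noname.dll
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
exefile [open] -- "%1" %*
https [open] -- C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1" File not found
batfile [open] -- "C:\DOCUME~1\jon\LOCALS~1\Temp\wrap.exe" "%1" %*
"EnableFirewall" = 0
"DisableSR" = 0
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summary(hits))
```

Paste a full OTL.txt plus Extras.txt into `triage()` and read the high entries first; on the sample above it reports the orphaned HidServ and catchme registrations, the ADS, the stale https handler, the replaced batfile handler, the vendor-less DLL and the disabled firewall. The `File not found` service entries are worth keeping in the fix list even when benign, because an orphaned registration whose path later gets re-created will load whatever is dropped there.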
 
Which browser is affected?

255.00 Mb Total Physical Memory
You have very little RAM. XP would run much better with at least 512MB of RAM (1GB would be ideal).

===================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

You have some Norton leftovers. Please run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2008/11/10 20:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE3BDCE7
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\*.sqm
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Results of OTL fix are below

I am sure you are right re 512 MB of RAM (in context, I bought the PC in 2001 with 64MB; it has had XP on it for the last 4 years on 256MB without probs, until this virus hit me). Did the Java stuff and Norton stuff as you directed. Because it's from 2001, I'm not sure I have removed the early Norton stuff, as this removal tool only went back to 2003.

Re: browser - definitely still redirecting on Firefox, which is what I usually use. Tried 10 times on IE and it hasn't yet redirected. Will carry on checking after I have done the OTL Quick Scan and posted. (If it means anything, for the first time after the OTL reboot I had a strange message about a script not running, related to Zotero, which runs on Firefox and is an academic reference programme.)

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CE3BDCE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\jon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\jon\Desktop\cmd.txt deleted successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jon
->Temp folder emptied: 24384272 bytes
->Temporary Internet Files folder emptied: 5119858 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59618931 bytes
->Flash cache emptied: 6344 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 395 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 79872 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: jon
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11292010_003352

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OK. After OTL run this for me...

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
OTL quick scan

Assumed you didn't want me to paste anything into the custom scan box, so just clicked Quick Scan - hope that's right?

OTL logfile created on: 29/11/2010 00:48:55 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 62.00% Memory free
620.00 Mb Paging File | 388.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.50 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
Drive D: | 4.48 Gb Total Space | 3.48 Gb Free Space | 77.75% Space Free | Partition Type: NTFS

Computer Name: JONATHAN | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/05 16:53:39 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081108.002\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jon\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2002/08/28 23:00:56 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [1997/12/23 01:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 18:50:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/28 23:54:11 | 000,000,000 | ---D | M]

[2008/08/17 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Extensions
[2010/11/29 00:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\extensions
[2010/03/15 19:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\extensions\zotero@chnm.gmu.edu
[2010/11/29 00:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/28 23:54:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/28 23:53:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/26 18:29:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/08 20:07:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 00:33:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/29 00:06:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/29 00:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\My Documents\JavaRa
[2010/11/28 23:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/28 23:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/28 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/28 23:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Application Data\Sun
[2010/11/28 22:58:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
[2010/11/26 18:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/26 18:19:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 18:16:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 18:16:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 18:16:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 18:16:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 18:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/26 18:15:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 06:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/25 23:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/11/25 22:41:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/25 22:41:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/25 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2010/11/25 21:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/25 21:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/25 21:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/24 21:55:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/24 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Application Data\Avira
[2010/11/24 21:38:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/11/24 21:38:30 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/24 21:38:30 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/24 21:38:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/11/24 21:38:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/11/24 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/24 21:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/24 20:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/24 20:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/24 03:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/24 00:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/11/23 23:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Local Settings\Application Data\ESET
[2010/11/23 23:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/23 22:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/23 22:59:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/11/23 22:59:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/23 22:59:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2010/11/23 22:59:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/23 22:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/23 22:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/23 22:47:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/23 22:39:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/23 22:39:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/11/23 07:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/22 23:12:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/11/22 09:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jon\Application Data\Malwarebytes
[2010/11/22 09:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/21 18:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/21 13:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/21 13:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/20 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/11/20 22:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\aqmlk
[2010/11/20 22:56:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/20 22:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/11/20 22:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/11/09 12:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.2.3-gtk2
[2010/10/31 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2005/06/20 16:32:15 | 020,798,256 | ---- | C] (Netopsystems AG ) -- C:\Program Files\AdbeRdr70_enu_full.exe

========== Files - Modified Within 30 Days ==========

[2010/11/29 00:37:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 00:35:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 00:35:43 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 22:58:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jon\Desktop\OTL.exe
[2010/11/26 18:29:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/26 18:19:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/26 18:14:11 | 003,909,115 | R--- | M] () -- C:\Documents and Settings\jon\Desktop\ComboFix.exe
[2010/11/25 23:20:22 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\virus log so far.doc
[2010/11/25 22:41:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/25 03:36:42 | 000,312,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/25 03:36:42 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/25 03:13:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/24 21:39:16 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/24 20:48:18 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/24 20:48:16 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/11/24 09:17:28 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/23 23:15:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/23 23:12:34 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/23 23:03:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/23 22:50:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/23 22:50:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/23 19:23:24 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/22 09:49:56 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\screen print.doc
[2010/11/21 18:12:07 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jon\Local Settings\Application Data\housecall.guid.cache
[2010/11/20 22:33:24 | 000,102,006 | ---- | M] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/11/20 22:33:24 | 000,102,006 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/11/18 20:49:00 | 000,006,870 | ---- | M] () -- C:\Documents and Settings\jon\Application Data\.freeciv-client-rc-2.2
[2010/11/12 11:02:00 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\BlackRock proposal draft 3.doc
[2010/11/09 22:01:05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\milestones.xls
[2010/11/08 06:52:29 | 001,756,454 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\AVIVA%20Policy%20Wording.pdf
[2010/11/08 06:52:10 | 000,376,849 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\cert%20for%2099%20sylvan%20ave%2014.07.10.pdf
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 21:40:51 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\Maintain a continued relationship with the customer.doc
[2010/11/01 20:18:24 | 000,199,434 | ---- | M] () -- C:\Documents and Settings\jon\My Documents\Malaga BoardingPass.pdf
[2010/10/30 17:59:36 | 000,045,186 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

========== Files Created - No Company Name ==========

[2010/11/26 18:19:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/26 18:19:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 18:16:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 18:16:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 18:16:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 18:16:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 18:16:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 18:14:11 | 003,909,115 | R--- | C] () -- C:\Documents and Settings\jon\Desktop\ComboFix.exe
[2010/11/25 23:02:56 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\virus log so far.doc
[2010/11/25 22:41:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/24 21:39:15 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/24 20:48:18 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/24 20:48:16 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/11/23 23:11:49 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/23 23:00:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/23 23:00:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/23 23:00:51 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/23 23:00:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/23 23:00:51 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/23 23:00:51 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/23 23:00:51 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/23 23:00:51 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/23 23:00:51 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/23 23:00:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/23 23:00:50 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/23 23:00:50 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/23 23:00:50 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/23 23:00:50 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/23 23:00:50 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/23 23:00:49 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/23 23:00:49 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/11/23 23:00:49 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/23 23:00:49 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/23 23:00:49 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/23 23:00:48 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/23 23:00:48 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/23 23:00:48 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/23 23:00:48 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/11/23 23:00:48 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/23 23:00:48 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/23 23:00:48 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/23 23:00:48 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/23 23:00:48 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/23 23:00:48 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/23 23:00:48 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/23 23:00:48 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/23 23:00:48 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/23 23:00:48 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/23 23:00:48 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/23 23:00:48 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/23 23:00:48 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/23 23:00:48 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/23 23:00:48 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/23 23:00:48 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/23 23:00:48 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/23 23:00:48 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/23 23:00:48 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/23 23:00:48 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/23 23:00:48 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/23 23:00:48 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/23 23:00:47 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/23 23:00:47 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/23 23:00:47 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/23 23:00:47 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/23 23:00:47 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/23 23:00:47 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/23 23:00:47 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/23 23:00:47 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/23 23:00:47 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/23 23:00:47 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/23 23:00:47 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/23 23:00:47 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/23 23:00:47 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/23 23:00:47 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/23 23:00:47 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/23 23:00:47 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/23 23:00:47 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/23 23:00:47 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/23 23:00:46 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/23 23:00:46 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/23 23:00:46 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/23 23:00:46 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/23 23:00:46 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/23 23:00:45 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/23 23:00:45 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/11/23 23:00:45 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/23 23:00:45 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/23 23:00:45 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/23 23:00:45 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/23 23:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/23 23:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/23 23:00:45 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/23 23:00:45 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/23 23:00:45 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/23 23:00:25 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010/11/23 23:00:25 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2010/11/23 23:00:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2010/11/23 22:50:38 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/23 22:50:38 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/23 22:50:36 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/22 09:49:56 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\screen print.doc
[2010/11/21 18:12:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jon\Local Settings\Application Data\housecall.guid.cache
[2010/11/20 22:58:27 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/20 22:50:06 | 000,009,847 | ---- | C] () -- C:\WINDOWS\hpwscr12.dat
[2010/11/20 22:38:48 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/11/20 22:38:48 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/11/20 22:28:51 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/11/20 22:28:49 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/11/20 22:28:49 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/11/12 09:18:09 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\BlackRock proposal draft 3.doc
[2010/11/09 14:01:18 | 000,006,870 | ---- | C] () -- C:\Documents and Settings\jon\Application Data\.freeciv-client-rc-2.2
[2010/11/09 11:08:54 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\milestones.xls
[2010/11/08 06:52:28 | 001,756,454 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\AVIVA%20Policy%20Wording.pdf
[2010/11/08 06:52:10 | 000,376,849 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\cert%20for%2099%20sylvan%20ave%2014.07.10.pdf
[2010/11/05 21:40:50 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\Maintain a continued relationship with the customer.doc
[2010/11/01 20:18:24 | 000,199,434 | ---- | C] () -- C:\Documents and Settings\jon\My Documents\Malaga BoardingPass.pdf
[2010/09/15 13:34:52 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2010/09/09 19:12:20 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/01/25 12:46:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/02 07:25:31 | 000,007,458 | ---- | C] () -- C:\Documents and Settings\jon\Application Data\.civclientrc
[2008/05/08 17:56:18 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2006/11/16 12:08:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\TRAYHOOK.DLL
[2006/05/14 14:35:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2006/02/16 09:35:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/11 10:00:16 | 000,045,186 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/08 21:35:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/08 21:32:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/06/08 21:25:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/08 21:24:03 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/06/08 21:01:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/08 20:41:53 | 000,000,635 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/07/12 21:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/23 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/02 09:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/11 08:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/24 20:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/21 13:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/09 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/30 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/18 20:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\.freeciv
[2008/11/02 07:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\.ggz
[2010/06/27 11:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/09/09 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Carambis
[2008/12/22 06:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\PCToolsFirewallPlus
[2008/12/22 06:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\PCToolsSpamMonitorPlus
[2008/01/14 19:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Sports Interactive
[2010/11/25 17:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\Spotify
[2008/12/09 15:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\TSO
[2008/11/02 09:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jon\Application Data\VCOM

========== Purity Check ==========



< End of report >
 
We need to remove Norton leftovers manually...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081108.002\symidsco.sys -- (SYMIDSCO)
    DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Goored

IE hasn't redirected on another 10-15 clicks, though some weird formatting (possibly because I have IE6?? but still surprising), some messages about page load aborted (very similar to what was happening a few days ago with the virus on my work laptop which only had IE), and one seemingly ordinary webpage seeming to load and reload a lot (never seen that before) ....???

Goored below

Will get onto Norton stuff

GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:15 on 29/11/2010 (jon)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:16 24/10/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [23:54 28/11/2010]

C:\Documents and Settings\jon\Application Data\Mozilla\Firefox\Profiles\ddkusqlm.default\extensions\
zotero@chnm.gmu.edu [19:06 15/03/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
 
All processes killed
========== OTL ==========
Service SYMIDSCO stopped successfully!
Service SYMIDSCO deleted successfully!
File C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081108.002\symidsco.sys not found.
Service SYMTDI stopped successfully!
Service SYMTDI deleted successfully!
C:\WINDOWS\system32\drivers\symtdi.sys moved successfully.
Service SYMREDRV stopped successfully!
Service SYMREDRV deleted successfully!
C:\WINDOWS\system32\drivers\symredrv.sys moved successfully.
Service SYMIDS stopped successfully!
Service SYMIDS deleted successfully!
C:\WINDOWS\system32\drivers\symids.sys moved successfully.
Service SYMNDIS stopped successfully!
Service SYMNDIS deleted successfully!
C:\WINDOWS\system32\drivers\symndis.sys moved successfully.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
C:\WINDOWS\system32\drivers\symfw.sys moved successfully.
Service SYMDNS stopped successfully!
Service SYMDNS deleted successfully!
C:\WINDOWS\system32\drivers\symdns.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jon
->Temp folder emptied: 754 bytes
->Temporary Internet Files folder emptied: 12980416 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22502849 bytes
->Flash cache emptied: 878 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 395 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: jon
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11292010_012335

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
You have to upgrade IE to at least version 7 right away.
Version 6 is obsolete and thus dangerous.
Do so and let me know how the issue is in IE7.

Let's see if resetting the router will help.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pressing it with a pencil or a paperclip until all the lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
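As an added defender's check, not part of this thread or of any tool it mentions, the script below parses "ipconfig /all" output and flags DNS servers that are not on an allowlist, which is how you would tell whether the router (or DHCP) is handing the PC a resolver it should not be using. The sample output and its addresses are constructed placeholders, and the allowlist is assumed to be the router's LAN address plus the ISP's published resolvers.

```python
import ipaddress
import re

# Constructed sample of XP-era "ipconfig /all" output (an assumption, not taken from
# the thread's own logs); the addresses are placeholders from documentation ranges.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.12
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
"""

ADAPTER_RE = re.compile(r"^(\S.*):\s*$")                   # unindented "X adapter Y:" header
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$")   # first DNS line (value may be empty)
CONT_RE = re.compile(r"^\s+(\S+)\s*$")                      # bare continuation value

def parse_dns_servers(text):
    """Map each adapter in ipconfig /all output to the DNS servers it is using."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if (m := ADAPTER_RE.match(line)):
            adapter, in_dns = m.group(1), False
            servers.setdefault(adapter, [])
        elif (m := DNS_RE.match(line)) and adapter is not None:
            in_dns = True
            servers[adapter] += [m.group(1)] if m.group(1) else []
        elif in_dns and (m := CONT_RE.match(line)) and ":" not in line:
            servers[adapter].append(m.group(1))   # extra DNS servers are listed one per line
        else:
            in_dns = False
    return servers

def unexpected_dns(servers, allowed):
    """(adapter, server) pairs not covered by the allowlist of addresses/CIDRs
    (assumed input: the router's LAN IP and the ISP's published resolvers)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    flagged = []
    for adapter, addrs in servers.items():
        for a in addrs:
            try:
                ok = any(ipaddress.ip_address(a) in n for n in nets)
            except ValueError:   # not parseable as an address: worth a look too
                ok = False
            if not ok:
                flagged.append((adapter, a))
    return flagged
```

On the affected machine, feed it the real output of `ipconfig /all` and an allowlist taken from the router's admin page and the ISP's documentation; any flagged resolver is worth checking before and after the router reset.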
 
Do you think the router is involved

Not sure how far we've got through the process; but I was wondering whether you think it is possible the router software could be involved? My wife has asked her work to send a new laptop - and of course if she connects and it is carrying something....
 
Urgent problem - router crashed

Hi
Followed your steps but my router totally crashed after restoring settings and the only way I can write this is because I have a dongle. My Internet service provider could not help me reset the router.

Is there anything you suggested which might have caused this and which I could undo with your help? Otherwise - maybe a faulty router - but this seems strange because I have previously restored settings without problems - will have to wait for several days for a new router to be sent out to us...
 
Please hold this thread active

I'm really grateful for what you've done so far.

I now have to be away from home for a week, so I hope that you'll hold the thread open until I get back next Monday.

best wishes

J
 
Resetting a router shouldn't cause any physical damage, so maybe it was on its way out.

will have to wait for several days for new router to be sent out to us...
Keep me posted.

I'll change topic prefix to "On-hold", so it won't get closed.
 