Solved Random iexplore.exe hogging all the cpu memory

Status
Not open for further replies.
B

BergerBerger

Posts: 47   +0
Hi

Running just a couple of tabs tonight - Facebook and one other, and everything started crawling. System showed iexplore.exe was hogging 99% of CPU memory (which happens occasionally), but just wouldn't go away - kept going on. I shut one down from the panel, and there were several more iexplore.exe s whirring away - yet I had only one instance open.

Do I have any malware going on?

Attached a HJT log if anyone could take a look.

Thanks
 

Attachments

  • HJT 25.11.10.txt
    8.3 KB · Views: 0
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks Broni. Pasted logs:

AVG log
Scan "Whole computer scan" completed.
Warnings;"1";"1";"0"
Information;"23"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"26 November 2010, 16:41:10"
Scan finished:;"26 November 2010, 17:47:29 (1 hour(s) 6 minute(s) 19 second(s))"
Total object scanned:;"673048"
User who launched the scan:;"Marc Weissenberger"

Warnings
;"File";"Infection";"Result"
;"C:\Documents and Settings\Marc Weissenberger\My Documents\Downloads\Media Player 11\WMP11 (Cracked By Torrent_Meister)\wmpappcompat.exe";"Corrupted executable file";"Moved to Virus Vault"

Information
;"File";"Information";"Result"
;"C:\WINDOWS\Installer\f8b3a0.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\b76833.msi";"The file is signed with a broken digital signature, issued by: Apple Inc..";""
;"C:\WINDOWS\Installer\b73071.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\b4bc59.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\b1ff76.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\a97945.msi";"The file is signed with a broken digital signature, issued by: Adobe Systems Incorporated.";""
;"C:\WINDOWS\Installer\796c47.msi";"The file is signed with a broken digital signature, issued by: Apple Inc..";""
;"C:\WINDOWS\Installer\796ab4.msi";"The file is signed with a broken digital signature, issued by: Apple Inc..";""
;"C:\WINDOWS\Installer\796806.msi";"The file is signed with a broken digital signature, issued by: Apple Inc..";""
;"C:\WINDOWS\Installer\796726.msi";"The file is signed with a broken digital signature, issued by: Apple Inc..";""
;"C:\WINDOWS\Installer\6bc90c.msi";"The file is signed with a broken digital signature, issued by: AVG Technologies.";""
;"C:\WINDOWS\Installer\6834e7.msi";"The file is signed with a broken digital signature, issued by: NOKIA.";""
;"C:\WINDOWS\Installer\6834e2.msi";"The file is signed with a broken digital signature, issued by: NOKIA.";""
;"C:\WINDOWS\Installer\6834da.msi";"The file is signed with a broken digital signature, issued by: NOKIA.";""
;"C:\WINDOWS\Installer\21117.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\123632.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\WINDOWS\Installer\1192e7.msi";"The file is signed with a broken digital signature, issued by: Adobe Systems.";""
;"C:\WINDOWS\Installer\1116e7.msi";"The file is signed with a broken digital signature, issued by: Sun Microsystems.";""
;"C:\WINDOWS\Installer\102abce.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
;"C:\System Volume Information\_restore{812A305A-DDEF-4D26-A398-851C578F5BF6}\RP134\A0008556.exe";"The file is signed with a broken digital signature, issued by: BitTorrent Inc.";""
;"C:\System Volume Information\_restore{812A305A-DDEF-4D26-A398-851C578F5BF6}\RP133\A0008289.exe";"The file is signed with a broken digital signature, issued by: BitTorrent Inc.";""
;"C:\System Volume Information\_restore{812A305A-DDEF-4D26-A398-851C578F5BF6}\RP131\A0007942.exe";"The file is signed with a broken digital signature, issued by: BitTorrent Inc.";""
;"C:\Program Files\BitTorrent\BitTorrent.exe";"The file is signed with a broken digital signature, issued by: BitTorrent Inc.";""

Note - the broken digital signatures are apparently happening to AVG 11 users evrerywhere, as a result of a recent update, and are not a concern, according to AVG Free forum staff
 
TFC run.

MBAM log (clean):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5194

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/11/2010 18:34:10
mbam-log-2010-11-26 (18-34-10).txt

Scan type: Quick scan
Objects scanned: 144844
Time elapsed: 23 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Moving on
 
GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-26 18:55:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y080L0 rev.YAR41BW0
Running: GMER.exe; Driver: C:\DOCUME~1\MARCWE~1\LOCALS~1\Temp\pxtdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
 
DDS Attach.txt log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/12/2004 20:17:35
System Uptime: 26/11/2010 18:02:53 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 1500+ | Socket A | 1331/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 76 GiB total, 44.768 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_570C1462&REV_A1\3&13C0B0C5&0&20
Service:

==== System Restore Points ===================

RP73: 29/08/2010 13:22:50 - System Checkpoint
RP74: 31/08/2010 10:06:47 - System Checkpoint
RP75: 01/09/2010 11:44:13 - System Checkpoint
RP76: 03/09/2010 09:11:25 - System Checkpoint
RP77: 03/09/2010 15:36:50 - Removed WOT for Internet Explorer
RP78: 03/09/2010 15:36:59 - Installed WOT for Internet Explorer
RP79: 05/09/2010 11:00:55 - System Checkpoint
RP80: 06/09/2010 13:05:48 - System Checkpoint
RP81: 08/09/2010 21:34:58 - System Checkpoint
RP82: 10/09/2010 15:50:36 - Avg Update
RP83: 11/09/2010 18:15:36 - System Checkpoint
RP84: 12/09/2010 19:20:57 - System Checkpoint
RP85: 14/09/2010 10:31:11 - System Checkpoint
RP86: 17/09/2010 14:05:08 - System Checkpoint
RP87: 18/09/2010 13:30:44 - Software Distribution Service 3.0
RP88: 20/09/2010 14:26:07 - Software Distribution Service 3.0
RP89: 21/09/2010 11:06:47 - Software Distribution Service 3.0
RP90: 22/09/2010 09:51:25 - Software Distribution Service 3.0
RP91: 23/09/2010 11:04:16 - Software Distribution Service 3.0
RP92: 24/09/2010 11:02:06 - Software Distribution Service 3.0
RP93: 24/09/2010 17:44:38 - Software Distribution Service 3.0
RP94: 25/09/2010 10:19:38 - Software Distribution Service 3.0
RP95: 26/09/2010 10:40:08 - System Checkpoint
RP96: 27/09/2010 15:20:46 - System Checkpoint
RP97: 28/09/2010 15:36:44 - System Checkpoint
RP98: 29/09/2010 16:23:55 - System Checkpoint
RP99: 30/09/2010 16:50:44 - System Checkpoint
RP100: 02/10/2010 23:18:13 - System Checkpoint
RP101: 05/10/2010 15:57:37 - System Checkpoint
RP102: 07/10/2010 10:29:50 - System Checkpoint
RP103: 08/10/2010 15:45:30 - System Checkpoint
RP104: 08/10/2010 15:50:55 - Software Distribution Service 3.0
RP105: 08/10/2010 16:05:07 - Software Distribution Service 3.0
RP106: 10/10/2010 02:16:09 - System Checkpoint
RP107: 11/10/2010 14:42:24 - System Checkpoint
RP108: 14/10/2010 11:42:51 - Avg Update
RP109: 14/10/2010 11:45:34 - Avg Update
RP110: 15/10/2010 18:41:16 - System Checkpoint
RP111: 17/10/2010 10:53:36 - System Checkpoint
RP112: 18/10/2010 18:32:10 - System Checkpoint
RP113: 01/11/2010 09:36:32 - System Checkpoint
RP114: 01/11/2010 21:03:08 - Avg Update
RP115: 02/11/2010 21:29:19 - System Checkpoint
RP116: 03/11/2010 22:27:53 - System Checkpoint
RP117: 03/11/2010 23:31:38 - Software Distribution Service 3.0
RP118: 07/11/2010 21:39:39 - System Checkpoint
RP119: 09/11/2010 10:55:15 - System Checkpoint
RP120: 12/11/2010 09:48:01 - System Checkpoint
RP121: 14/11/2010 11:24:28 - Software Distribution Service 3.0
RP122: 15/11/2010 20:51:47 - System Checkpoint
RP123: 16/11/2010 15:47:34 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP124: 16/11/2010 15:48:02 - Installed AVG 2011
RP125: 16/11/2010 15:49:24 - Removed AVG Free 9.0
RP126: 17/11/2010 19:40:05 - System Checkpoint
RP127: 19/11/2010 10:39:24 - Installed AVG 2011
RP128: 19/11/2010 10:41:09 - Installed AVG 2011
RP129: 21/11/2010 12:26:59 - System Checkpoint
RP130: 22/11/2010 20:36:56 - System Checkpoint
RP131: 26/11/2010 11:55:02 - Restore Operation
RP132: 26/11/2010 12:03:01 - Restore Operation
RP133: 26/11/2010 12:23:31 - Restore Operation
RP134: 26/11/2010 12:31:19 - Restore Operation
RP135: 26/11/2010 14:46:20 - Installed Microsoft Office Professional Plus 2007

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AusLogics Disk Defrag
AVG 2011
Axence NetTools Pro 4.0
BBC iPlayer Download Manager
Belkin F5D5000 Desktop PCI Card Driver
BitTorrent
BitTorrentBar Toolbar
Bonjour
BroadJump Client Foundation
Canon PhotoRecord
Canon PIXMA iP2000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
CutePDF Writer 2.8
DVD@ccess 2.0.3
Easy-WebPrint
Facebook Plug-In
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iPod for Windows 2005-03-23
iPod for Windows 2005-11-17
iTunes
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java(TM) 6 Update 20
LG PC Suite II
LG USB Modem driver
LimeWire 5.5.8
Logitech iTouch Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MioMore Desktop
MSVC80_x86
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA nForce Drivers
PC Connectivity Solution
PowerDVD
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Rome - Total War(TM)
Saitek NT Controller Drivers
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpeechRedist
Spotify
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Virgin Media HUB 3.5.12
WebFldrs XP
Winamp (remove only)
Windows Defender Signatures
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Windows XP Uninstall
WOT for Internet Explorer

==== End Of File ===========================

DDS.txt


DDS (Ver_10-11-26.01) - FAT32x86
Run by Marc Weissenberger at 19:00:11.68 on 26/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.174 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
SVCHOST.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uCustomizeSearch =
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\marcwe~1\startm~1\programs\startup\taskba~1.lnk - c:\program files\taskbar activate\TaskbarActivate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111170187941
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2009-3-9 29156]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-11-3 668912]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2004-3-15 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2004-6-11 19584]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-1-15 237056]

=============== Created Last 30 ================

2010-11-26 15:14:09 -------- d-----w- c:\program files\common files\ODBC
2010-11-26 14:55:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-26 14:53:28 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Microsoft Help
2010-11-26 14:53:28 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Microsoft Help
2010-11-26 12:28:56 -------- d-----w- c:\program files\Conduit
2010-11-26 12:28:55 -------- d-----w- c:\docume~1\marcwe~1\applic~1\temp
2010-11-26 12:28:55 -------- d-----w- c:\docume~1\marcwe~1\applic~1\temp
2010-11-26 12:28:51 -------- d-----w- c:\program files\BitTorrent
2010-11-26 12:28:45 -------- d-----w- c:\docume~1\marcwe~1\applic~1\AVG10
2010-11-26 12:28:45 -------- d-----w- c:\docume~1\marcwe~1\applic~1\AVG10
2010-11-26 12:04:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-26 12:04:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-21 13:12:12 -------- d-----w- c:\docume~1\marcwe~1\applic~1\PriceGong
2010-11-21 13:12:12 -------- d-----w- c:\docume~1\marcwe~1\applic~1\PriceGong
2010-11-21 12:05:09 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Conduit
2010-11-21 12:05:09 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Conduit
2010-11-21 12:05:04 -------- d-----w- c:\docume~1\marcwe~1\applic~1\BitTorrentBar
2010-11-21 12:05:04 -------- d-----w- c:\docume~1\marcwe~1\applic~1\BitTorrentBar
2010-11-21 12:04:59 -------- d-----w- c:\docume~1\marcwe~1\applic~1\ConduitEngine
2010-11-21 12:04:59 -------- d-----w- c:\docume~1\marcwe~1\applic~1\ConduitEngine
2010-11-21 12:04:58 -------- d-----w- c:\program files\ConduitEngine
2010-11-21 12:04:42 -------- d-----w- c:\program files\BitTorrentBar
2010-11-21 12:04:34 -------- d-----w- C:\extensions
2010-11-21 12:03:07 -------- d-----w- c:\docume~1\marcwe~1\applic~1\BitTorrent
2010-11-21 12:03:07 -------- d-----w- c:\docume~1\marcwe~1\applic~1\BitTorrent
2010-11-19 10:43:58 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-11-19 10:41:24 -------- d-----w- c:\windows\system32\drivers\avg
2010-11-19 10:41:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-11-19 10:15:02 -------- d-----w- c:\documents and settings\marc weissenberger\Apps
2010-11-16 15:42:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-06 11:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-03 21:24:24 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-03 21:24:23 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-03 21:24:10 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-03 20:47:13 -------- d-----w- c:\program files\Virgin Media
2010-11-03 20:42:04 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Virgin Media
2010-11-03 20:42:04 -------- d-----w- c:\docume~1\marcwe~1\applic~1\Virgin Media
2010-11-03 20:41:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-11-03 20:41:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Virgin Media

==================== Find3M ====================

2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:26 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:26 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:26 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2009-02-02 13:32:38 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2008-12-28 16:12:04 6167304 ----a-w- c:\program files\BBC-iPlayer_Setup.exe
2006-03-28 23:06:16 4429593 ----a-w- c:\program files\Logitech.exe

============= FINISH: 19:02:03.25 ===============
 
Sure thing :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8AB6000 \WINDOWS\system32\KDCOM.DLL
0xF89C6000 \WINDOWS\system32\BOOTVID.dll
0xF8567000 ACPI.sys
0xF8AB8000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8556000 pci.sys
0xF85B6000 isapnp.sys
0xF8B7E000 pciide.sys
0xF8836000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF85C6000 MountMgr.sys
0xF8537000 ftdisk.sys
0xF8ABA000 dmload.sys
0xF8511000 dmio.sys
0xF883E000 PartMgr.sys
0xF85D6000 VolSnap.sys
0xF84F9000 atapi.sys
0xF85E6000 disk.sys
0xF85F6000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF84D9000 fltmgr.sys
0xF84C7000 sr.sys
0xF8846000 PxHelp20.sys
0xF84A3000 Fastfat.sys
0xF848C000 KSecDD.sys
0xF845F000 NDIS.sys
0xF884E000 nv_agp.sys
0xF8445000 Mup.sys
0xF8856000 avgrkx86.sys
0xF8606000 AVGIDSEH.Sys
0xF8636000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF8876000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF82A0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF887E000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF8646000 \SystemRoot\system32\drivers\nvax.sys
0xF8204000 \SystemRoot\System32\DRIVERS\Intels51.sys
0xF8886000 \SystemRoot\System32\Drivers\Modem.SYS
0xF81F0000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF8A3E000 \SystemRoot\system32\drivers\pfc.sys
0xF8A42000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xF8656000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8666000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF81A5000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8A46000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF8676000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF80E3000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF80CF000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF888E000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8686000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8A52000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF80BB000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8322000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8696000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A56000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF80A4000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF86A6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF86B6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8896000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF889E000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF88A6000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8074000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF86C6000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF88AE000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF88B6000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8ABC000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7FEE000 \SystemRoot\System32\DRIVERS\update.sys
0xF8A6E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF86D6000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8ABE000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF86E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7FA1000 \SystemRoot\system32\drivers\nvapu.sys
0xF7F7D000 \SystemRoot\system32\drivers\portcls.sys
0xF86F6000 \SystemRoot\system32\drivers\drmk.sys
0xF7E2A000 \SystemRoot\system32\drivers\nvmcp.sys
0xF7E19000 \SystemRoot\system32\drivers\nvarm.sys
0xF8AA2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF88CE000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8746000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF8AC0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF82F7000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AC2000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88DE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF88E6000 \SystemRoot\System32\drivers\vga.sys
0xF8AC4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8AC6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88EE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88F6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF81E8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA67A5000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF8766000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xA674C000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA6704000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA66DE000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8776000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA66B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA6694000 \SystemRoot\System32\drivers\afd.sys
0xF8786000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA6669000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA65F9000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8796000 \SystemRoot\System32\Drivers\Fips.SYS
0xA65BD000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF88FE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF87A6000 \SystemRoot\System32\Drivers\LHidUsb.Sys
0xF87B6000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF81C8000 \SystemRoot\System32\Drivers\LCcFltr.Sys
0xF8070000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF806C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF87D6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA648D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA6505000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8906000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF83FF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF078000 \SystemRoot\System32\ati3duag.dll
0xBF1C9000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA634D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA5FF0000 \SystemRoot\system32\drivers\wdmaud.sys
0xA61D5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA5D83000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xA60E5000 \SystemRoot\system32\drivers\DVDAccss.sys
0xF8AFC000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA608D000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA5CDB000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xA5C0B000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA5ADB000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA5572000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3D17000 \??\C:\DOCUME~1\MARCWE~1\LOCALS~1\Temp\pxtdrpow.sys
0xF8976000 \??\C:\DOCUME~1\MARCWE~1\LOCALS~1\Temp\mbr.sys
0xA3B10000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
332 C:\WINDOWS\System32\SMSS.EXE
540 CSRSS.EXE
568 C:\WINDOWS\System32\WINLOGON.EXE
616 C:\WINDOWS\System32\SERVICES.EXE
628 C:\WINDOWS\System32\LSASS.EXE
784 C:\WINDOWS\System32\ATI2EVXX.EXE
800 C:\WINDOWS\System32\SVCHOST.EXE
876 SVCHOST.EXE
936 C:\WINDOWS\System32\SVCHOST.EXE
1076 SVCHOST.EXE
1164 C:\WINDOWS\System32\ATI2EVXX.EXE
1240 SVCHOST.EXE
1276 C:\WINDOWS\EXPLORER.EXE
1400 C:\WINDOWS\System32\SPOOLSV.EXE
1608 C:\Program Files\Logitech\iTouch\iTouch.exe
1640 C:\Program Files\Winamp\WINAMPA.EXE
1676 SVCHOST.EXE
1728 C:\Program Files\BroadJump\Client Foundation\CFD.EXE
1740 C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
1760 C:\Program Files\Common Files\InstallShield\UpdateService\ISSCH.EXE
1772 C:\Program Files\AVG\AVG10\AVGTRAY.EXE
1812 C:\Program Files\Common Files\Apple\Mobile Device Support\BIN\AppleMobileDeviceService.exe
1856 C:\Program Files\AVG\AVG10\AVGWDSVC.EXE
1932 C:\Program Files\Bonjour\mDNSResponder.exe
2040 C:\Program Files\Java\JRE6\BIN\JQS.EXE
632 C:\Program Files\Virgin Media\HUB\ServicepointService.exe
888 C:\WINDOWS\System32\SVCHOST.EXE
1436 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2872 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
2992 alg.exe
3080 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
3172 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4036 WMIPRVSE.EXE
2004 WMIPRVSE.EXE
2152 C:\WINDOWS\System32\wuauclt.exe
3240 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
4088 C:\Program Files\AVG\AVG10\avgnsx.exe
4048 C:\Program Files\AVG\AVG10\avgchsvx.exe
3400 C:\Program Files\AVG\AVG10\avgrsx.exe
3864 C:\Program Files\AVG\AVG10\avgcsrvx.exe
1188 C:\Program Files\Internet Explorer\iexplore.exe
2372 C:\Program Files\Internet Explorer\iexplore.exe
2104 C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
3880 C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 62D3FC1627EC28E36E9284E130DD762077E0DB4B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Combofix log

Note - I had to uninstall AVG 11, which was a pain to install last week for some reason. I'd like to re-install asap?

ComboFix 10-11-25.06 - Marc Weissenberger 26/11/2010 20:31:10.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.270 [GMT 0:00]
Running from: c:\documents and settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marc Weissenberger\Application Data\PriceGong
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Marc Weissenberger\Application Data\PriceGong\Data\z.xml

.
((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 20:22 . 2010-11-26 20:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\BitTorrentBar
2010-11-26 15:19 . 2010-11-26 15:19 -------- d-----w- c:\program files\Microsoft Works
2010-11-26 15:14 . 2010-11-26 15:14 -------- d-----w- c:\program files\Microsoft.NET
2010-11-26 14:55 . 2010-11-26 14:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-26 14:53 . 2010-11-26 14:53 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\Microsoft Help
2010-11-26 14:53 . 2010-11-26 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-11-26 12:28 . 2010-11-26 12:28 -------- d-----w- c:\program files\Conduit
2010-11-26 12:28 . 2010-11-26 12:28 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\temp
2010-11-26 12:28 . 2010-11-26 12:28 -------- d-----w- c:\program files\BitTorrent
2010-11-26 12:28 . 2010-11-26 12:28 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\AVG10
2010-11-26 12:04 . 2010-11-26 12:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-21 12:05 . 2010-11-21 12:05 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\Conduit
2010-11-21 12:04 . 2010-11-21 12:04 -------- d-----w- C:\extensions
2010-11-21 12:03 . 2010-11-21 12:03 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\BitTorrent
2010-11-19 10:43 . 2010-11-19 10:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-19 10:41 . 2010-11-19 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-19 10:15 . 2010-11-19 10:15 -------- d-----w- c:\documents and settings\Marc Weissenberger\Apps
2010-11-16 15:42 . 2010-11-16 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-06 11:37 . 2010-11-06 11:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-03 21:24 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-03 21:24 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-03 21:24 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-03 20:47 . 2010-11-03 20:47 -------- d-----w- c:\program files\Virgin Media
2010-11-03 20:42 . 2010-11-03 20:42 -------- d-----w- c:\documents and settings\Marc Weissenberger\Application Data\Virgin Media
2010-11-03 20:41 . 2010-11-03 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-11-03 20:41 . 2010-11-03 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 12:23 . 2004-12-01 20:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-12-01 20:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-12-01 20:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-12-01 20:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-12-07 16:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-12-01 19:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-12-01 19:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-12-01 19:58 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-12-01 20:02 1852800 ----a-w- c:\windows\system32\win32k.sys
2009-02-02 13:32 . 2009-02-02 13:32 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2008-12-28 16:12 . 2008-12-28 16:10 6167304 ----a-w- c:\program files\BBC-iPlayer_Setup.exe
2006-03-28 23:06 . 2006-03-28 23:06 4429593 ----a-w- c:\program files\Logitech.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-03-17 00:29 300992 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 02:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 12:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Axence\\NetTools\\4.0\\NetTools.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 DVDAccss;DVDAccss;c:\windows\SYSTEM32\DRIVERS\DVDAccss.sys [09/03/2009 17:10 29156]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [03/11/2010 20:47 668912]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [15/03/2004 15:16 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [11/06/2004 10:59 19584]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [15/01/2005 16:59 237056]
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-26 c:\windows\Tasks\User_Feed_Synchronization-{EB3D35C7-430A-4E5E-AB49-F021103AC1B7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uCustomizeSearch =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-AvgRemover - c:\documents and settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\avg_remover_stf_x86_2011_1165[1].exe
MSConfigStartUp-Broadbandadvisor - c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe
MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 20:37
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078C477F465242"
"lr"="078C477F465242"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(388)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-26 20:39:45
ComboFix-quarantined-files.txt 2010-11-26 20:39
ComboFix2.txt 2010-04-21 21:00

Pre-Run: 48,454,729,728 bytes free
Post-Run: 48,745,807,872 bytes free

- - End Of File - - 8740E47E19E08E88FF021FA301A78CDB

So - I saw a few things crop up, one in the AVG scan, one in the MBR check? Anything horrific? Machine working ok quietly as we type
 
Combofix vs. AVG, more info: http://www.bleepingcomputer.com/for..._hl__combofix+avg__fromsearch__1#entry2014042

I note AVG removed a version of Win Media Player 11 I downloaded as a Torrent
Click to expand...
I can't comment on AVG behavior. You may want to complain at AVG forum.
Personally, I don't recommend AVG anyway.

Combofix log looks good now, so you're free to reinstall AVG, or switch to something less problematic like:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

When done...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
NOTE - Have to split this file, it's over 51,000 characters!!

OTL logfile created on: 26/11/2010 22:13:34 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.31 Gb Total Space | 45.14 Gb Free Space | 59.16% Space Free | Partition Type: FAT32

Computer Name: A | User Name: Marc Weissenberger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/26 22:12:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/14 11:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/12/14 11:25:56 | 004,277,488 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
PRC - [2009/12/14 11:25:56 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
PRC - [2008/12/03 12:47:34 | 001,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/09/19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/17 07:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2003/01/27 17:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/11/26 22:12:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\framedyn.dll
MOD - [2004/03/18 09:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2004/03/18 09:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/14 11:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\MARCWE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/01/18 19:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/02/11 10:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys -- (k750obex)
DRV - [2005/02/11 10:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 10:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 10:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 10:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004/08/06 12:54:26 | 000,237,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/11 10:59:20 | 000,019,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\saiuFF0C.sys -- (SaiUFF0C)
DRV - [2004/03/15 15:16:56 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiHFF0C.sys -- (SaiHFF0C)
DRV - [2004/03/10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/03 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2004/03/03 09:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCcfltr.sys -- (LCcfltr)
DRV - [2004/03/03 04:31:22 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2003/11/21 16:15:14 | 000,029,156 | ---- | M] (Apple Computer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DVDAccss.sys -- (DVDAccss)
DRV - [2003/10/24 03:38:00 | 000,311,936 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003/10/24 03:38:00 | 000,038,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003/05/22 15:44:44 | 000,670,203 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Intels51.sys -- (Intels51) Intel(R)
DRV - [2003/04/10 11:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003/04/10 11:42:32 | 000,019,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtSub.sys -- (SaiNtSub)
DRV - [2003/03/19 07:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/04/11 16:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/02/11 14:15:50 | 000,014,572 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFC.SYS -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/28 20:49:56 | 000,000,000 | ---D | M]

[2009/03/30 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Mozilla\Extensions
[2009/03/30 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/11/26 20:37:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\Marc Weissenberger\Start Menu\Programs\Startup\Taskbar Activate.lnk = C:\Program Files\Taskbar Activate\TaskbarActivate.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111170187941 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 19:53:24 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 22:07:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/26 22:07:10 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/26 22:07:09 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/26 22:07:08 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/26 22:07:05 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/26 22:07:05 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/26 22:07:05 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/26 22:06:48 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/26 22:06:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/26 22:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/26 22:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/26 20:29:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 20:29:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 20:29:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 20:29:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 20:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 20:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\BitTorrentBar
[2010/11/26 18:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10
[2010/11/26 15:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/11/26 15:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/11/26 15:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/26 15:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/11/26 15:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/26 14:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/26 14:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft Help
[2010/11/26 14:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/11/26 12:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/26 12:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\temp
[2010/11/26 12:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/11/26 12:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\AVG10
[2010/11/26 11:51:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/21 12:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\My Documents\Downloads
[2010/11/21 12:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Conduit
[2010/11/21 12:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\BitTorrentBar
[2010/11/21 12:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\ConduitEngine
[2010/11/21 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/21 12:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2010/11/21 12:04:34 | 000,000,000 | ---D | C] -- C:\extensions
[2010/11/21 12:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\BitTorrent
[2010/11/19 10:43:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/19 10:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/19 10:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Apps
[2010/11/16 15:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/03 20:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2010/11/03 20:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Virgin Media
[2010/11/03 20:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/03 20:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2009/02/02 13:32:37 | 059,981,528 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe
[2008/12/28 16:10:10 | 006,167,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BBC-iPlayer_Setup.exe
[2006/03/28 23:06:15 | 004,429,593 | ---- | C] (Logitech ) -- C:\Program Files\Logitech.exe

========== Files - Modified Within 30 Days ==========

[2010/11/26 22:07:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/26 22:07:08 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/26 20:42:12 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB3D35C7-430A-4E5E-AB49-F021103AC1B7}.job
[2010/11/26 20:28:30 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2010/11/26 20:28:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/26 20:22:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 20:17:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Microsoft Office Word 2007.lnk
[2010/11/26 17:58:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc Weissenberger\Desktop\TFC.exe
[2010/11/26 17:51:34 | 000,270,062 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Will.pdf
[2010/11/26 16:39:38 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/26 16:05:46 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Microsoft Office Excel 2007.lnk
[2010/11/26 15:43:08 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/26 12:05:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/26 10:18:50 | 000,012,013 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Generics functional map.xlsx
[2010/11/21 11:28:34 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 12:35:38 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/11/20 11:30:18 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/20 11:13:50 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/19 14:13:08 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Running.xls
[2010/11/08 01:20:26 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 23:42:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/26 22:07:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/26 20:29:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 20:29:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 20:29:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 20:29:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 20:29:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 17:31:28 | 000,270,062 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Will.pdf
[2010/11/26 15:24:59 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Microsoft Office Word 2007.lnk
[2010/11/26 15:24:58 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Microsoft Office Excel 2007.lnk
[2010/11/26 11:41:23 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\PROTTPLN.DOC
[2010/11/26 11:41:23 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\PROTTPLN.XLS
[2010/11/26 11:41:23 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\PROTTPLN.PPT
[2010/11/26 10:19:41 | 000,012,013 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\Generics functional map.xlsx
[2010/04/20 17:17:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/04/12 13:51:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/12 13:51:48 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/03/03 17:44:30 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/22 21:32:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/24 21:04:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/09/24 20:57:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/01/08 23:02:32 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/30 18:41:43 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/03/02 20:50:52 | 000,000,070 | ---- | C] () -- C:\WINDOWS\847F6667.ini
[2006/03/02 18:51:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2006/03/02 18:51:26 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/03/02 18:51:26 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/03/02 18:51:26 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/03/02 18:51:26 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2005/12/03 03:03:34 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2005/07/13 10:52:10 | 000,002,052 | ---- | C] () -- C:\WINDOWS\sites.ini
[2005/06/12 22:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/06/12 22:04:58 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2005/04/09 17:53:49 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/03/18 18:15:11 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/01/15 16:59:58 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ZD1211U.sys
[2005/01/15 16:49:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/12/14 23:39:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2004/12/04 21:56:54 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/01 21:11:03 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2004/12/01 20:49:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/01 20:38:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/01 20:14:36 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/12/01 20:14:36 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/12/01 20:14:36 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/12/01 20:14:36 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/12/01 20:14:36 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/12/01 20:14:36 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/12/01 20:14:36 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/12/01 20:14:36 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/12/01 20:14:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/01 20:14:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2004/12/01 20:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/01 20:08:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 19:50:38 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/03/03 04:29:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 
OTL part 2!

========== LOP Check ==========

[2005/06/19 11:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/05/19 18:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/02/18 13:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/28 20:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/28 20:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/27 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/12 13:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/11/03 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/11/03 20:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/16 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/19 10:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/19 10:44:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/26 22:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2005/03/20 02:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\STOPzilla!
[2006/01/04 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\FUJIFILM
[2007/07/11 18:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Teleca
[2008/05/19 18:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Virgin Broadband
[2008/05/24 11:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Auslogics
[2008/09/16 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\LimeWire
[2008/09/24 21:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Samsung
[2009/04/28 20:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Nokia
[2009/04/28 20:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\PC Suite
[2009/05/09 17:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\PowerChallenge
[2009/07/10 10:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Spotify
[2009/12/17 19:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\vkvava
[2010/03/02 17:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Facebook
[2010/03/03 17:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\CutePDF Writer
[2010/04/12 13:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\LG Electronics
[2010/08/19 17:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\MiTAC_International_Corpo
[2010/11/03 20:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Virgin Media
[2010/11/21 12:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\BitTorrent
[2010/11/21 12:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\ConduitEngine
[2010/11/21 12:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\BitTorrentBar
[2010/11/21 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\Conduit
[2010/11/26 12:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\AVG10
[2010/11/26 12:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\temp
[2010/11/26 20:42:12 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB3D35C7-430A-4E5E-AB49-F021103AC1B7}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/12/01 19:49:18 | 000,001,660 | RHS- | M] () -- C:\MSDOS.SYS
[2004/12/01 19:53:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/12/01 19:44:58 | 000,245,792 | RH-- | M] () -- C:\CLASSES.1ST
[2004/12/01 19:53:24 | 000,000,194 | ---- | M] () -- C:\AUTOEXEC.BAT
[2000/06/08 17:00:00 | 000,110,080 | RHS- | M] () -- C:\IO.SYS
[2004/12/01 19:53:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.BAK
[2006/08/04 10:46:40 | 000,000,466 | ---- | M] () -- C:\PPCleanDeleteAtReboot.bat
[2007/10/26 15:43:02 | 000,000,000 | ---- | M] () -- C:\itouch_config_crash_info.txt
[2010/08/19 17:49:58 | 000,000,773 | ---- | M] () -- C:\tmp1
[2010/11/26 20:28:18 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2004/12/01 20:04:22 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008/10/01 22:19:28 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2009/09/17 11:36:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/03/24 19:52:34 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/10/16 10:11:18 | 000,000,288 | RHS- | M] () -- C:\boot.ini
[2010/08/19 17:49:58 | 000,000,128 | ---- | M] () -- C:\tmp2
[2010/11/25 22:08:32 | 000,002,030 | ---- | M] () -- C:\BOOTEX.LOG
[2010/04/12 13:30:26 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/11/26 20:39:46 | 000,015,589 | ---- | M] () -- C:\ComboFix.txt
[2010/01/19 23:28:20 | 000,000,217 | ---- | M] () -- C:\Boot.bak
[2010/06/29 12:25:28 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/09/19 23:56:20 | 000,000,117 | ---- | M] () -- C:\W
[2009/06/12 18:28:36 | 000,008,554 | ---- | M] () -- C:\itouch_crash_info.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/12/01 20:13:56 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\FONTS\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\mdippr.dll
[2004/05/21 06:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\CNMPD66.DLL
[2004/05/21 06:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\CNMPP66.DLL
[2008/07/06 11:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2000/06/08 17:00:00 | 000,071,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Channel Screen Saver.SCR
[2010/09/07 16:12:18 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/01/19 15:24:24 | 005,992,758 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Wallpaper1.bmp

< %PROGRAMFILES%\*.* >
[2004/12/01 19:50:40 | 000,023,357 | -H-- | M] () -- C:\Program Files\folder.htt
[2004/12/01 19:50:40 | 000,000,271 | -HS- | M] () -- C:\Program Files\desktop.ini
[2006/03/28 23:06:16 | 004,429,593 | ---- | M] (Logitech ) -- C:\Program Files\Logitech.exe
[2008/12/28 16:12:04 | 006,167,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\BBC-iPlayer_Setup.exe
[2009/02/02 13:32:38 | 059,981,528 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/12/01 20:07:52 | 000,413,696 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav
[2004/12/01 20:07:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2004/12/01 20:07:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/09/17 11:51:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2005/07/13 10:43:24 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Spam Filters.url

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/12/01 20:20:06 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2005/03/24 20:59:16 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Marc Weissenberger\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/26 17:58:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc Weissenberger\Desktop\TFC.exe
[2005/12/21 15:43:52 | 002,855,080 | ---- | M] () -- C:\Documents and Settings\Marc Weissenberger\Desktop\aawsepersonal.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/03/24 20:59:18 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Marc Weissenberger\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/26 22:11:40 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Marc Weissenberger\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 00:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2000/06/08 17:00:00 | 000,000,000 | ---- | M] () -- C:\Program Files\Messenger\BLOGO.GI_
[2000/06/08 17:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WA_
[2000/06/08 17:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WA_
[2000/06/08 17:00:00 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WA_
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/07/17 18:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2002/08/20 20:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 20:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/20 20:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/05/02 15:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras

OTL Extras logfile created on: 26/11/2010 22:13:34 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Marc Weissenberger\Desktop\8 step cleansing with TechSpot - Nov 10
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.31 Gb Total Space | 45.14 Gb Free Space | 59.16% Space Free | Partition Type: FAT32

Computer Name: A | User Name: Marc Weissenberger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Axence\NetTools\4.0\NetTools.exe" = C:\Program Files\Axence\NetTools\4.0\NetTools.exe:*:Enabled:Axence NetTools -- (Axence Software, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\REALPLAY.EXE" = C:\Program Files\Real\RealPlayer\REALPLAY.EXE:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Axence\NetTools\4.0\NetTools.exe" = C:\Program Files\Axence\NetTools\4.0\NetTools.exe:*:Enabled:Axence NetTools -- (Axence Software, Inc.)
"C:\Program Files\Virgin Media\HUB\ServicepointService.exe" = C:\Program Files\Virgin Media\HUB\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F0D79F1-F46E-4433-9A16-E683A1D8CC9B}" = LG PC Suite II
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1798227A-AA89-4C78-AF55-56A38E654788}" = Belkin F5D5000 Desktop PCI Card Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2B34414C-14FB-11D6-A329-0050045C24B2}" = DVD@ccess 2.0.3
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}" = Saitek NT Controller Drivers
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Axence NetTools Pro_is1" = Axence NetTools Pro 4.0
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"BroadJump Client Foundation" = BroadJump Client Foundation
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"LimeWire" = LimeWire 5.5.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp (remove only)
"Windows" = Windows XP Uninstall
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2008 17:06:51 | Computer Name = A | Source = Application Error | ID = 1001
Description = Fault bucket 882402816.

Error - 23/10/2008 14:20:53 | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module msvcr80.dll, version 8.0.50727.762, fault address 0x00014580.

Error - 25/10/2008 05:19:09 | Computer Name = A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module msvcr80.dll, version 8.0.50727.762, fault address 0x00014580.

Error - 27/10/2008 06:59:15 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/10/2008 06:59:54 | Computer Name = A | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 28/10/2008 13:39:21 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2008 13:39:29 | Computer Name = A | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 05/11/2008 13:27:37 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/12/2008 17:00:16 | Computer Name = A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/12/2008 17:00:31 | Computer Name = A | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ System Events ]
Error - 02/06/2010 17:20:01 | Computer Name = A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00173FD013D3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/06/2010 04:39:26 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 03/06/2010 05:20:06 | Computer Name = A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00173FD013D3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/06/2010 03:15:17 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 05/06/2010 10:37:31 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 05/06/2010 10:39:43 | Computer Name = A | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 06/06/2010 04:32:23 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 07/06/2010 13:27:30 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 08/06/2010 05:12:21 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 10/06/2010 01:53:22 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2


< End of report >
 
511.00 Mb Total Physical Memory
Click to expand...
Your computer could use another 512MB of RAM for better performance.

=========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2010/11/26 12:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc Weissenberger\Application Data\AVG10
[2010/11/19 10:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/03/02 20:50:52 | 000,000,070 | ---- | C] () -- C:\WINDOWS\847F6667.ini
[2005/03/20 02:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc Weissenberger\Application Data\STOPzilla!


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Re: the 512mb, yes, it's quite an old machine, but served me well (I use the work laptop most of the time). I will have to invest in a new machine soon, but for the time being...

Will crack on with the rest, many thanks
 
OTL Logfile

All processes killed
========== OTL ==========
Error: No service named RPSKT) Security Services Driver (x86 was found to stop!
Service\Driver key RPSKT) Security Services Driver (x86 not found.
File C:\WINDOWS\System32\DRIVERS\rp_skt32.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\Marc Weissenberger\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Marc Weissenberger\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\WINDOWS\847F6667.ini moved successfully.
C:\Documents and Settings\Marc Weissenberger\Application Data\STOPzilla! folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Marc Weissenberger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66233827 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 566 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: Marc Weissenberger
->Flash cache emptied: 0 bytes

User: NetworkService

User: LocalService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11262010_230534

Files\Folders moved on Reboot...
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\M0CRBXWX\sh28[1].html moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\topic157192[1].html moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\aclk[2].htm moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\DXLK71E4\data_sync[1].htm moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\UNSJ0I2S\search[2].htm moved successfully.
C:\Documents and Settings\Marc Weissenberger\Local Settings\Temporary Internet Files\Content.IE5\UNSJ0I2S\adsCAQJ7JVH.htm moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
SecurityCheck file

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 9.4.1
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
done everything, TFC again etc, just running the ESET online scanner, it is quite slow, been on 17% for 3 minutes! Actually, think it may have got stuck, cos the files scanned total isn't moving...ah, now it's moving again, weird
 
Status
Not open for further replies.

Similar threads

Scorpus
AMD launches Ryzen 6000 series for laptops: What's new with the Zen 3+ architecture?
2
Replies
47
Views
7K
mxfalcon54
M
Julio Franco
The complete list of alternatives to all Google products
2 3 4
Replies
98
Views
34K
wizardB
wizardB
Cal Jeffrey
How I finally beat the scalpers and landed a PS5 (Update)
2
Replies
43
Views
9K
captaincranky
captaincranky

Latest posts

Back