Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With AV Security Suite


  • This topic is locked This topic is locked
13 replies to this topic

#1 bobsyouruncle

bobsyouruncle

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 25 June 2010 - 05:08 PM

Hi All,

A couple of days ago I started getting false security warnings from AV Security Suite. I removed it with Spyware Doctor but my browser kept redirecting to unwanted sites. I have tried to fix this with Malwarebytes and Spybot Search & Destroy and they haven't worked. I have also tried running ESET online scanner. Could you help me resolve this please. I have carried out all of the steps in the preparation guide but I could not generate a GMER log because my PC kept shutting down after about 2 hours.

Thanks In Advance.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve Facey at 22:55:25.25 on 24/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.108 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [STManager] "c:\program files\speedtouch\dr speedtouch\drst.exe" -b
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [kdx] c:\windows\kdx\KHost.exe -all
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{9D8F2F9F-CC4D-5DD5-4636-8D047E986D92}] "c:\documents and settings\steve facey.personal-c78746\application data\xave\arak.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PC Pitstop Optimize Scheduler] c:\program files\pcpitstop\optimize\PCPOptimize.exe -boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOME.exe" -s
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunServicesOnce: [washindex] c:\program files\washer\washidx.exe "Steve Facey"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165183066869
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {52220260-25C0-408D-B2FE-B31375A65C71} - rundll32 hgop32.dll,laspi
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-21 218592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-26 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-26 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-26 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-11 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-11 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-21 112592]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys --> c:\windows\system32\drivers\pxrts.sys [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-21 366840]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-21 1142224]

=============== Created Last 30 ================

2010-06-24 12:45:41 0 d-----w- c:\program files\Trend Micro
2010-06-24 08:20:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 08:20:06 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-06-23 20:49:38 0 d-----w- c:\program files\Prevx
2010-06-22 23:07:58 0 d-----w- c:\docume~1\stevef~2.per\applic~1\Malwarebytes
2010-06-22 23:07:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-06-22 23:07:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 21:51:53 0 d-----w- c:\program files\Spyware Doctor
2010-06-21 21:51:53 0 d-----w- c:\docume~1\stevef~2.per\applic~1\PC Tools
2010-06-21 21:51:53 0 d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-06-21 21:23:34 0 d-----w- c:\program files\common files\PC Tools

==================== Find3M ====================

2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-03 12:36:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2003-03-09 12:38:46 271 --sh--w- c:\program files\desktop.ini
2003-03-09 12:38:46 23357 ---ha-w- c:\program files\folder.htt
2009-02-18 17:29:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021820090219\index.dat

============= FINISH: 22:58:10.90 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 30 June 2010 - 03:13 PM

Hi bobsyouruncle,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 3 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log

Edited by mpascal, 30 June 2010 - 03:15 PM.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 01 July 2010 - 05:55 PM

Hi mpascal,

Thanks for helping me.

Here are the logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4265

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/07/2010 22:42:09
mbam-log-2010-07-01 (22-42-09).txt

Scan type: Quick scan
Objects scanned: 184402
Time elapsed: 27 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9d8f2f9f-cc4d-5dd5-4636-8d047e986d92} (Trojan.Zbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 01/07/2010 22:55:12 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.66 Gb Free Space | 35.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 97.47 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-C78746
Current User Name: Steve Facey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (KService) -- File not found
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 49 63 76 5D 19 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2010/06/24 12:51:05 | 000,408,553 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14129 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [STManager] C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
O4 - HKLM..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1165183066869 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 17:13:18 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2006/12/03 22:11:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f6ff5a00-595e-11dc-924e-00508d49851c}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- File not found
O33 - MountPoints2\{f6ff5a00-595e-11dc-924e-00508d49851c}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/12/03 22:10:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537874164318208)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/01 22:43:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe
[2010/06/24 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/24 13:45:16 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HJTInstall.exe
[2010/06/24 13:26:13 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\cwshredder.exe
[2010/06/24 09:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/24 09:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/06/24 09:17:14 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\SpybotSD_1.6.2.exe
[2010/06/23 21:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/06/23 00:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Malwarebytes
[2010/06/23 00:07:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/23 00:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/06/23 00:07:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/23 00:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/23 00:05:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\mbam-setup.exe
[2010/06/21 23:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\Threat Expert
[2010/06/21 22:52:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/21 22:52:20 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/21 22:52:20 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/21 22:52:20 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/21 22:52:15 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/21 22:52:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/21 22:52:10 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/21 22:52:02 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\PC Tools
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2010/06/21 22:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/21 12:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\hklspwwyc
[2010/06/09 23:06:10 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/06 23:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Andrew
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp files -> C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/01 22:43:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe
[2010/07/01 22:06:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/01 21:25:01 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/01 21:24:27 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/01 21:24:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 21:24:14 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 21:23:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 13:51:57 | 061,482,731 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/28 22:18:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\ntuser.ini
[2010/06/28 22:18:20 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\ntuser.dat
[2010/06/24 23:02:10 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\gmer.zip
[2010/06/24 22:54:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\dds.scr
[2010/06/24 22:53:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\defogger_reenable
[2010/06/24 22:52:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Defogger.exe
[2010/06/24 13:45:48 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HijackThis.lnk
[2010/06/24 13:45:19 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HJTInstall.exe
[2010/06/24 13:26:13 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\cwshredder.exe
[2010/06/24 12:51:05 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/24 09:20:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Spybot - Search & Destroy.lnk
[2010/06/24 09:17:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\SpybotSD_1.6.2.exe
[2010/06/23 21:49:31 | 000,000,055 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/23 08:42:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\rkill.com
[2010/06/23 00:07:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/23 00:05:57 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\mbam-setup.exe
[2010/06/22 22:52:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\housecall.guid.cache
[2010/06/22 21:37:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/22 16:57:37 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Microsoft Word.lnk
[2010/06/21 22:52:06 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/06/10 11:20:17 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 23:33:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/06 22:55:23 | 000,286,652 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\interview_guide_987+yuiop.pdf
[2010/06/03 13:36:01 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 13:36:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/03 09:59:49 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/06/02 10:19:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp files -> C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/24 23:04:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\gmer.exe
[2010/06/24 23:02:09 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\gmer.zip
[2010/06/24 22:54:43 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\dds.scr
[2010/06/24 22:53:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\defogger_reenable
[2010/06/24 22:52:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Defogger.exe
[2010/06/24 13:45:47 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HijackThis.lnk
[2010/06/24 09:20:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Spybot - Search & Destroy.lnk
[2010/06/23 08:42:07 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\rkill.com
[2010/06/23 00:07:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 22:52:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\housecall.guid.cache
[2010/06/21 22:52:21 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/21 22:52:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/21 22:52:21 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/21 22:52:21 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/21 22:52:21 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/21 22:52:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/21 22:52:15 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/21 22:52:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/21 22:52:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/06/21 22:52:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/06 22:55:10 | 000,286,652 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\interview_guide_987+yuiop.pdf
[2009/12/12 18:38:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2009/11/21 19:34:36 | 000,000,313 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/01/05 18:49:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/01/05 18:39:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/01/05 18:39:07 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/11/13 22:53:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/22 18:51:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/07/20 16:31:01 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
[2007/01/14 17:47:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/10 13:04:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/05 15:30:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/12 21:44:33 | 000,000,055 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/12 21:07:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/12 21:07:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/12 18:53:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/12/03 22:50:12 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/12/03 22:00:44 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\hpgt21.dll
[2006/11/15 22:01:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/15 21:36:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/09 16:29:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 16:29:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 16:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 16:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 16:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 16:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 16:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/10/12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/03/21 17:13:18 | 000,000,194 | -HS- | M] () -- C:\AUTOEXEC.BAK
[2006/12/03 22:11:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/12/03 22:03:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2003/03/21 17:43:44 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2003/03/09 13:34:06 | 001,642,528 | RH-- | M] () -- C:\CLASSES.1ST
[2006/12/12 17:49:57 | 000,006,251 | ---- | M] () -- C:\CLDMA.LOG
[2003/03/21 17:13:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/12/06 21:39:53 | 000,001,657 | ---- | M] () -- C:\dvdlog.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2004/12/10 19:21:23 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2000/06/08 18:00:00 | 000,110,080 | RHS- | M] () -- C:\IO.SYS
[2009/11/02 21:54:37 | 000,219,564 | ---- | M] () -- C:\khalinstall.log
[2007/11/21 23:15:40 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2003/03/09 13:16:42 | 000,001,676 | RHS- | M] () -- C:\MSDOS.BAK
[2003/03/09 13:37:18 | 000,001,678 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/16 22:54:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 21:23:44 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 21:48:08 | 000,000,397 | ---- | M] () -- C:\rkill.log
[2005/12/06 14:48:06 | 000,001,184 | ---- | M] () -- C:\smitfiles.txt
[2009/12/13 19:54:57 | 000,036,405 | ---- | M] () -- C:\StarBurn.log
[2010/04/01 16:16:38 | 010,137,996 | ---- | M] () -- C:\stub.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/12/03 21:54:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/12/03 21:54:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/12/03 21:54:14 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/03 13:36:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/06/03 13:36:01 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >



OTL Extras logfile created on: 01/07/2010 22:55:12 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.66 Gb Free Space | 35.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 97.47 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-C78746
Current User Name: Steve Facey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25128:TCP" = 25128:TCP:*:Enabled:BitComet 25128 TCP
"25128:UDP" = 25128:UDP:*:Enabled:BitComet 25128 UDP
"13386:TCP" = 13386:TCP:*:Enabled:BitComet 13386 TCP
"13386:UDP" = 13386:UDP:*:Enabled:BitComet 13386 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch -- ()
"C:\Program Files\Bit Lord 1.1\BitLord.exe" = C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\WINDOWS\kdx\KHost.exe" = C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Program Files\KService\KService.exe" = C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Setup\HPZnet01.exe" = E:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}" = Dr SpeedTouch
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AddressBook" =
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Belkin Range Extender" = Belkin Range Extender
"Branding" =
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Connection Manager" =
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"DirectAnimation" =
"DirectDrawEx" =
"DivX Content Uploader" = DivX Content Uploader
"DXM_Runtime" =
"EADM" = EA Download Manager
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.5.1
"ESET Online Scanner" = ESET Online Scanner v3
"Fontcore" =
"Game Cam" = Game Cam 2.2
"Guild Wars" = Guild Wars
"HighPoint ATA RAID Management Software" = HighPoint ATA RAID Management Software
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"LHTTSENG" = L&H TTS3000 British English
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MpcStar" = MpcStar 3.4
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Year 7 German Vocab Revisor - LK Computers
"ST6UNST #2" = Year 7 French Vocab Revisor - LK Computers
"The Sims" = The Sims
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2010 05:41:31 | Computer Name = PERSONAL-C78746 | Source = sdCoreService | ID = 0
Description =

Error - 25/06/2010 10:57:43 | Computer Name = PERSONAL-C78746 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

Error - 28/06/2010 15:10:26 | Computer Name = PERSONAL-C78746 | Source = Google Update | ID = 20
Description =

Error - 29/06/2010 08:48:01 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 29/06/2010 08:48:04 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/07/2010 06:38:12 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 01/07/2010 06:38:12 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/07/2010 16:43:33 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 01/07/2010 16:43:33 | Computer Name = PERSONAL-C78746 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/07/2010 17:53:50 | Computer Name = PERSONAL-C78746 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.

Error - 01/07/2010 17:35:45 | Computer Name = PERSONAL-C78746 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.2
with the system having network hardware address 00:11:50:BA:74:29. Network operations
on this system may be disrupted as a result.


< End of report >


#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 02 July 2010 - 01:40 AM

Hi there,

Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 02 July 2010 - 01:27 PM

Hi Again,

Here is the TDSSkiller log.

18:15:20:062 2944 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
18:15:20:062 2944 ================================================================================
18:15:20:062 2944 SystemInfo:

18:15:20:062 2944 OS Version: 5.1.2600 ServicePack: 3.0
18:15:20:062 2944 Product type: Workstation
18:15:20:062 2944 ComputerName: PERSONAL-C78746
18:15:20:171 2944 UserName: Steve Facey
18:15:20:171 2944 Windows directory: C:\WINDOWS
18:15:20:171 2944 System windows directory: C:\WINDOWS
18:15:20:171 2944 Processor architecture: Intel x86
18:15:20:171 2944 Number of processors: 1
18:15:20:171 2944 Page size: 0x1000
18:15:20:234 2944 Boot type: Normal boot
18:15:20:234 2944 ================================================================================
18:15:22:906 2944 Initialize success
18:15:22:906 2944
18:15:22:906 2944 Scanning Services ...
18:15:23:953 2944 Raw services enum returned 329 services
18:15:23:968 2944
18:15:23:968 2944 Scanning Drivers ...
18:15:28:468 2944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:15:28:765 2944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:15:29:015 2944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:15:29:171 2944 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:15:29:578 2944 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
18:15:29:843 2944 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
18:15:30:140 2944 ALCXWDM (7bfe59f5eff8896d043cfde731b262e9) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:15:30:921 2944 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
18:15:31:312 2944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:15:31:578 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:15:31:781 2944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:15:32:062 2944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:15:32:281 2944 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\System32\Drivers\avgldx86.sys
18:15:32:500 2944 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
18:15:32:703 2944 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\System32\Drivers\avgtdix.sys
18:15:32:859 2944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:15:33:093 2944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:15:33:375 2944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:15:33:578 2944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:15:33:812 2944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:15:34:312 2944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:15:34:609 2944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:15:34:968 2944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:15:35:187 2944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:15:35:453 2944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:15:35:656 2944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:15:35:859 2944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:15:36:093 2944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:15:36:312 2944 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
18:15:36:531 2944 FETNDIS (585b9c652299caf0128fbe598e29bb7e) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
18:15:36:781 2944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:15:37:015 2944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:15:37:281 2944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:15:37:640 2944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:15:37:828 2944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:15:38:062 2944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:15:38:281 2944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:15:38:468 2944 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:15:38:765 2944 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:15:39:000 2944 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:15:39:281 2944 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:15:39:515 2944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:15:39:796 2944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:15:40:046 2944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:15:40:437 2944 InCDfs (77863b1e6930027298627050cfdc4f80) C:\WINDOWS\system32\drivers\InCDfs.sys
18:15:40:687 2944 InCDPass (dd4a86c47afeb6a608366e01366519fb) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
18:15:40:953 2944 InCDrec (23fae379ca21f0af6dca78a83805d761) C:\WINDOWS\system32\drivers\InCDrec.sys
18:15:41:203 2944 incdrm (c725df8bb771ad5a5868aeee37a9322c) C:\WINDOWS\system32\drivers\incdrm.sys
18:15:41:546 2944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:15:41:812 2944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:15:42:046 2944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:15:42:484 2944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:15:42:875 2944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:15:43:515 2944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:15:44:109 2944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:15:44:531 2944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:15:45:250 2944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:15:46:109 2944 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
18:15:46:640 2944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:15:47:000 2944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:15:47:343 2944 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
18:15:47:609 2944 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:15:47:765 2944 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
18:15:47:906 2944 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
18:15:48:328 2944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:15:48:921 2944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:15:49:187 2944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:15:49:578 2944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:15:49:906 2944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:15:50:234 2944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:15:50:437 2944 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:15:50:750 2944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:15:51:031 2944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:15:51:281 2944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:15:51:609 2944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:15:51:875 2944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:15:52:156 2944 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:15:52:484 2944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:15:52:796 2944 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:15:53:109 2944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:15:53:312 2944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:15:53:625 2944 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:15:53:828 2944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:15:54:125 2944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:15:54:343 2944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:15:54:656 2944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:15:55:093 2944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:15:55:609 2944 nv (29b9163a6d9c486dcaefed190130acb0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:15:56:250 2944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:15:56:484 2944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:15:57:015 2944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:15:57:406 2944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:15:57:687 2944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:15:57:828 2944 PCI (ce6c5cf89d31ca0c072cc88fd2b845f1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:15:57:828 2944 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: ce6c5cf89d31ca0c072cc88fd2b845f1, Fake md5: a219903ccf74233761d92bef471a07b1
18:15:57:828 2944 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ... 18:16:07:187 2944 Backup copy not found, trying to cure infected file..
18:16:07:187 2944 Cure success, using it..
18:16:07:218 2944 will be cured on next reboot
18:16:08:000 2944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:16:08:359 2944 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
18:16:09:296 2944 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
18:16:09:906 2944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:16:10:203 2944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:16:10:921 2944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:16:11:390 2944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:16:11:718 2944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:16:11:921 2944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:16:12:203 2944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:16:12:515 2944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:16:12:796 2944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:16:13:187 2944 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:16:13:500 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:16:13:734 2944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:16:13:875 2944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:16:14:281 2944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:16:14:562 2944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:16:15:390 2944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:16:15:625 2944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:16:16:156 2944 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
18:16:16:625 2944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:16:17:046 2944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:16:17:578 2944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:16:17:859 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:16:18:500 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:16:18:812 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:16:19:171 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:16:20:046 2944 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
18:16:20:359 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:16:21:062 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:16:21:656 2944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:16:22:140 2944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:16:22:500 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:16:23:015 2944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:16:23:437 2944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:16:23:765 2944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:16:24:125 2944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:16:24:578 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:16:24:906 2944 viaagp1 (f76ea9ae8d32ec50159795d29674465e) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
18:16:25:359 2944 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:16:25:671 2944 VIAPFD (662626bccf060f2f4b6d5af7ac121ff5) C:\WINDOWS\System32\Drivers\VIAPFD.SYS
18:16:26:109 2944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:16:26:640 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:16:27:046 2944 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:16:27:750 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:16:28:062 2944 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:16:28:546 2944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:16:28:890 2944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:16:29:484 2944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:16:29:687 2944 Reboot required for cure complete..
18:16:30:906 2944 Cure on reboot scheduled successfully
18:16:30:906 2944
18:16:30:906 2944 Completed
18:16:30:906 2944
18:16:30:906 2944 Results:
18:16:30:906 2944 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:16:30:906 2944 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:16:30:906 2944
18:16:30:937 2944 KLMD(ARK) unloaded successfully


#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 02 July 2010 - 02:33 PM

Hi there,

Try searching on Google and let me know if you have any redirects.

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 04 July 2010 - 03:20 PM

Hi,

I am not getting redirects anymore, here is the MBAM log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4273

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/07/2010 23:41:10
mbam-log-2010-07-03 (23-41-10).txt

Scan type: Quick scan
Objects scanned: 179006
Time elapsed: 19 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I tried running Kaspersky several times and the scanner kept hanging up. The scanner takes hours and I tried it 3 times with no luck, the first time it hung up I got a message that I was running out of virtual memory.

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 04 July 2010 - 04:03 PM

Hi there,

I'll give you another program to try instead. This scan may take a while.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 06 July 2010 - 05:48 AM

Hi Again,

Here is the DrWeb.cvs report

RegUBP2b-Steve Facey.reg;C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
drstguimanager.dll;C:\Program Files\SpeedTouch\Dr SpeedTouch;Trojan.DownLoader1.8768;Deleted.;
A0223274.reg;C:\System Volume Information\_restore{BBD474A6-E054-43BD-8245-184BD2DC09BB}\RP1050;Trojan.StartPage.1505;Deleted.;
A0223275.dll;C:\System Volume Information\_restore{BBD474A6-E054-43BD-8245-184BD2DC09BB}\RP1050;Trojan.DownLoader1.8768;Deleted.;
A0046659.exe/cnbabeie.exe\winnet.exe;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335\A0046659.exe/cnbabeie.exe;Adware.CommonName;;
A0046659.exe/cnbabeie.exe\_;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335\A0046659.exe/cnbabeie.exe;Adware.CommonName;;
cnbabeie.exe;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335;Container contains infected objects;;
A0046659.exe/setup.exe\Files/IEDRIVER.EXE;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335\A0046659.exe/setup.exe;Trojan.IEDriverAd;;
A0046659.exe/setup.exe\Files/IEUPDATE.EXE;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335\A0046659.exe/setup.exe;Adware.IEDriver;;
setup.exe;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335;Archive contains infected objects;;
A0046659.exe;C:\System Volume Information\_restore{F0A7FAC3-D7FA-4A88-AC22-CB870856A7EE}\RP335;Container contains infected objects;Moved.;


#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 06 July 2010 - 11:51 AM

Hi there,

Nothing to be concerned about there, are you still having any problems?

Open up OTL and push the Quickscan button. Post the resulting log here.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 10 July 2010 - 04:27 AM

Hi Again,

My computer seems to running fine.

Here are the OTL logs:

OTL logfile created on: 08/07/2010 22:52:01 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.29 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 97.47 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-C78746
Current User Name: Steve Facey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (KService) -- File not found
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (PCI) -- C:\WINDOWS\system32\DRIVERS\pci.sys ()
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 49 63 76 5D 19 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2010/06/24 12:51:05 | 000,408,553 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14129 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [STManager] C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
O4 - HKLM..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1165183066869 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 17:13:18 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2006/12/03 22:11:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f6ff5a00-595e-11dc-924e-00508d49851c}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- File not found
O33 - MountPoints2\{f6ff5a00-595e-11dc-924e-00508d49851c}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\DoctorWeb
[2010/07/05 17:42:37 | 061,192,752 | ---- | C] (Doctor Web, Ltd. ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\drweb-600-win-x86.exe
[2010/07/03 22:56:53 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\TFC.exe
[2010/07/02 18:13:30 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\TDSSKiller.exe
[2010/07/01 23:37:16 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/01 22:43:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe
[2010/06/24 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/24 09:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/24 09:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/06/23 21:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/06/23 00:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Malwarebytes
[2010/06/23 00:07:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/23 00:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/06/23 00:07:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/23 00:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 23:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\Threat Expert
[2010/06/21 22:52:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/21 22:52:20 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/21 22:52:20 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/21 22:52:20 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/21 22:52:15 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/21 22:52:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/21 22:52:10 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/21 22:52:02 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\PC Tools
[2010/06/21 22:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2010/06/21 22:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/21 12:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\hklspwwyc
[2010/06/06 23:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Andrew
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp files -> C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/08 23:06:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/08 22:37:14 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/08 22:36:38 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/08 22:36:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/08 22:36:26 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 22:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 12:56:31 | 061,755,599 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/07 23:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\ntuser.ini
[2010/07/07 23:04:13 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\ntuser.dat
[2010/07/07 22:35:34 | 000,743,936 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\revised settings - children.xls
[2010/07/07 22:17:21 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Microsoft Word.lnk
[2010/07/06 11:15:02 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\DrWeb.csv
[2010/07/05 17:42:40 | 061,192,752 | ---- | M] (Doctor Web, Ltd. ) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\drweb-600-win-x86.exe
[2010/07/05 17:17:00 | 042,730,616 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\4k8t247w.exe
[2010/07/05 15:34:29 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/07/03 22:56:53 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\TFC.exe
[2010/07/02 18:19:46 | 000,068,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\pci.sys
[2010/07/02 18:11:48 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\tdsskiller.zip
[2010/07/01 22:43:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\OTL.exe
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\TDSSKiller.exe
[2010/06/24 22:54:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\dds.scr
[2010/06/24 22:53:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\defogger_reenable
[2010/06/24 22:52:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Defogger.exe
[2010/06/24 13:45:48 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HijackThis.lnk
[2010/06/24 12:51:05 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/24 09:20:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Spybot - Search & Destroy.lnk
[2010/06/23 21:49:31 | 000,000,055 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/23 08:42:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\rkill.com
[2010/06/23 00:07:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 22:52:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\housecall.guid.cache
[2010/06/22 21:37:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/21 22:52:06 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/06/10 11:20:17 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 23:33:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/06 22:55:23 | 000,286,652 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\interview_guide_987+yuiop.pdf
[2010/06/03 13:36:01 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 13:36:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/02 10:19:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/05/04 19:55:37 | 000,004,295 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\user.conf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/14 17:06:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\soldier essay.doc
[2010/04/14 17:06:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\~$ldier essay.doc
[2010/04/12 23:01:18 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp files -> C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 22:35:24 | 000,743,936 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\revised settings - children.xls
[2010/07/06 11:15:02 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\DrWeb.csv
[2010/07/05 17:16:46 | 042,730,616 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\4k8t247w.exe
[2010/07/02 18:11:40 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\tdsskiller.zip
[2010/06/24 23:04:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\gmer.exe
[2010/06/24 22:54:43 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\dds.scr
[2010/06/24 22:53:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\defogger_reenable
[2010/06/24 22:52:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Defogger.exe
[2010/06/24 13:45:47 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\HijackThis.lnk
[2010/06/24 09:20:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\Spybot - Search & Destroy.lnk
[2010/06/23 08:42:07 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\rkill.com
[2010/06/23 00:07:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 22:52:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\housecall.guid.cache
[2010/06/21 22:52:21 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/21 22:52:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/21 22:52:21 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/21 22:52:21 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/21 22:52:21 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/21 22:52:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/21 22:52:15 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/21 22:52:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/21 22:52:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/06/21 22:52:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/06 22:55:10 | 000,286,652 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\interview_guide_987+yuiop.pdf
[2010/05/04 19:55:37 | 000,004,295 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop\user.conf
[2010/04/14 17:06:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\~$ldier essay.doc
[2010/04/14 17:06:45 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\My Documents\soldier essay.doc
[2009/12/12 18:38:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2009/11/21 19:34:36 | 000,000,313 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/01/05 18:49:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/01/05 18:39:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/01/05 18:39:07 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/11/13 22:53:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/22 18:51:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/07/20 16:31:01 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
[2007/01/14 17:47:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/10 13:04:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/05 15:30:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/12 21:44:33 | 000,000,055 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/12 21:07:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/12 21:07:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/12 18:53:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/12/03 22:50:12 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/12/03 22:00:44 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\hpgt21.dll
[2006/11/15 22:01:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/15 21:36:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/09 16:29:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 16:29:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 16:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 16:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 16:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 16:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 16:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/10/12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 13:00:00 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\pci.sys
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/03/14 01:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2009/12/04 03:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/02/01 10:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2009/04/25 16:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2010/07/05 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
[2010/07/08 22:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2007/03/02 11:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2009/12/16 00:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/26 09:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Image Zone Express
[2007/08/31 19:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Kontiki
[2009/11/02 22:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Leadertech
[2009/05/07 10:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\LimeWire
[2006/12/06 21:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\MailWasherPro
[2009/01/05 18:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\pdf995
[2008/06/26 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Printer Info Cache
[2008/09/20 17:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\SPORE
[2009/02/25 18:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\TigerPlayer
[2010/06/24 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Tyfyza
[2010/05/29 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\uTorrent
[2010/06/24 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Xave

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >



OTL Extras logfile created on: 08/07/2010 22:52:02 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.29 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 97.47 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-C78746
Current User Name: Steve Facey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25128:TCP" = 25128:TCP:*:Enabled:BitComet 25128 TCP
"25128:UDP" = 25128:UDP:*:Enabled:BitComet 25128 UDP
"13386:TCP" = 13386:TCP:*:Enabled:BitComet 13386 TCP
"13386:UDP" = 13386:UDP:*:Enabled:BitComet 13386 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch -- ()
"C:\Program Files\Bit Lord 1.1\BitLord.exe" = C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\WINDOWS\kdx\KHost.exe" = C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Program Files\KService\KService.exe" = C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Setup\HPZnet01.exe" = E:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}" = Dr SpeedTouch
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AddressBook" =
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Belkin Range Extender" = Belkin Range Extender
"Branding" =
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Connection Manager" =
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"DirectAnimation" =
"DirectDrawEx" =
"DivX Content Uploader" = DivX Content Uploader
"DXM_Runtime" =
"EADM" = EA Download Manager
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.5.1
"ESET Online Scanner" = ESET Online Scanner v3
"Fontcore" =
"Game Cam" = Game Cam 2.2
"Guild Wars" = Guild Wars
"HighPoint ATA RAID Management Software" = HighPoint ATA RAID Management Software
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"LHTTSENG" = L&H TTS3000 British English
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MpcStar" = MpcStar 3.4
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Year 7 German Vocab Revisor - LK Computers
"ST6UNST #2" = Year 7 French Vocab Revisor - LK Computers
"The Sims" = The Sims
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/07/2010 17:18:26 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:19:55 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:20:33 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:21:40 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:21:45 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:22:00 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:32:28 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 07/07/2010 17:35:41 | Computer Name = PERSONAL-C78746 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000108d3.

Error - 08/07/2010 07:46:41 | Computer Name = PERSONAL-C78746 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 08/07/2010 07:55:33 | Computer Name = PERSONAL-C78746 | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x000045ea.

[ System Events ]
Error - 08/07/2010 07:47:42 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 08/07/2010 17:36:25 | Computer Name = PERSONAL-C78746 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 00508D49851C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2010 17:37:31 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7000
Description = The KService service failed to start due to the following error: %%2

Error - 08/07/2010 17:39:09 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 08/07/2010 17:40:25 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 08/07/2010 17:40:32 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 08/07/2010 17:40:32 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 08/07/2010 17:43:10 | Computer Name = PERSONAL-C78746 | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 08/07/2010 17:43:24 | Computer Name = PERSONAL-C78746 | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 08/07/2010 17:44:05 | Computer Name = PERSONAL-C78746 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 00508D49851C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >


#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 10 July 2010 - 09:51 AM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    [2010/06/21 12:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Local Settings\Application Data\hklspwwyc
    [2010/06/24 22:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Facey.PERSONAL-C78746\Application Data\Tyfyza

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

Other than that, everything looks good. smile.gif

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top.
STEP 2 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven''t already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewallsAn antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#13 bobsyouruncle

bobsyouruncle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 10 July 2010 - 05:34 PM

Thank you very much for your time and your help. Without your help I would not have been able to get this sorted.

Regards,

Bobsyouruncle.

thumbup2.gif

#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:05:24 AM

Posted 11 July 2010 - 02:22 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users