Google redirection and unwanted popups


  • This topic is locked
22 replies to this topic

#1 Gingerswine

Posted 17 July 2010 - 04:04 PM

I have a virus / malware that is redirecting to incorrect websites (sometimes) when clicking on search results in Google. This only seems to affect one of the two users on my PC. However, both users are suffering from the occasional unwanted Explorer window which pops up, advertising various things. I have tried to remove the problem by: starting XP in Safe Mode, running Advanced System Care, Malwarebytes Anti-Malware, Spybot Search & Destroy and AVG Anti-Virus. Although problems are found which these programs say are fixed, the problems reoccur immediately after rebooting the PC.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Caroline at 17:34:23.79 on 15/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.304 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\Trust\305KS\Keyboard\KbdAp32A.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Caroline\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://skyid.sky.com/signin/email/
mStart Page = hxxp://search.myheritage.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\caroline\application data\ufxw.exe
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
uRun: [EPSON SX210 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifde.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKCU"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [FLMK08KB] c:\program files\trust\305ks\keyboard\MMKEYBD.EXE
mRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [EMCKEYBOARD] c:\program files\emc\keyboard application\1.2\EMCKBAPP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroline\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\caroline\startm~1\programs\startup\remind~1.lnk - c:\program files\textbridge pro 9.0\bin\ereg\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253299471062
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxps://go.girlguiding.org.uk/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-18 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-18 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-18 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2009-12-31 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-12-31 19072]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-31 722432]
S3 magpsc;magpsc;c:\windows\system32\drivers\magpsc.sys [2010-3-7 53719]

=============== Created Last 30 ================

2010-07-15 16:32:31 0 ----a-w- c:\documents and settings\caroline\defogger_reenable
2010-07-14 14:18:23 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-14 14:18:23 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-14 14:18:23 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-14 14:18:23 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-14 14:18:19 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-14 14:18:18 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-06-24 10:10:24 0 d-----w- c:\docume~1\caroline\applic~1\IObit

==================== Find3M ====================

2010-06-03 08:19:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-09-18 20:07:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091820090919\index.dat

============= FINISH: 17:36:03.92 ===============
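As an added defender-side example (not code from the poster, the helper, or the DDS tool), the script below parses the "Pseudo HJT Report" section quoted above and flags the kinds of entries a malware-removal helper reads first: a Winlogon Shell value with anything appended after explorer.exe, hosts-file overrides, orphaned hooks and toolbars, and autoruns from user-writable folders. The sample report is constructed from lines of the log above; the severity labels and the list of user-writable directory markers are my own assumptions.

```python
"""Flag suspicious persistence entries in a DDS 'Pseudo HJT Report'.

Added example, not part of the thread or of DDS itself. It reads the
line-oriented report DDS emits and applies a few defender-side checks.
"""
import re

# Constructed sample: a handful of lines taken from the DDS log in the post.
SAMPLE_REPORT = """\
uStart Page = https://skyid.sky.com/signin/email/
mStart Page = hxxp://search.myheritage.com
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\\documents and settings\\caroline\\application data\\ufxw.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed markers for locations a shell or autorun entry should never load from
# (user-writable profile folders and temp directories).
USER_WRITABLE_DIRS = ("application data", "local settings", "\\temp\\", "\\desktop\\")


def check_winlogon_shell(value):
    """Return every shell component other than explorer.exe.

    Winlogon's Shell value should be exactly 'explorer.exe'; a second,
    comma-separated program is launched at every logon of that user.
    """
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def path_in_user_writable_dir(path):
    """True if the path contains one of the assumed user-writable markers."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_DIRS)


def analyze_dds(report):
    """Return a list of (severity, message) findings for a Pseudo HJT report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # uWinlogon/mWinlogon: Shell=explorer.exe,<extra>  (Shell override)
        m = re.match(r"^[um]Winlogon:\s*Shell=(.*)$", line, re.I)
        if m:
            for extra in check_winlogon_shell(m.group(1)):
                sev = "high" if path_in_user_writable_dir(extra) else "medium"
                findings.append((sev, f"Winlogon Shell loads extra program: {extra}"))
            continue
        # Hosts: <ip> <name>  (hosts-file entry redirects or blocks resolution)
        m = re.match(r"^Hosts:\s*(\S+)\s+(\S+)", line)
        if m:
            findings.append(("medium", f"hosts file maps {m.group(2)} to {m.group(1)}"))
            continue
        # Registered hook, toolbar or BHO whose backing file no longer exists
        if re.match(r"^(uURLSearchHooks|TB|BHO):", line) and line.endswith("No File"):
            findings.append(("low", f"orphaned entry: {line}"))
            continue
        # uRun/mRun/dRun: [name] <command>  (autorun from a user-writable path)
        m = re.match(r"^[umd]Run:\s*\[[^\]]*\]\s*(.+)$", line)
        if m and path_in_user_writable_dir(m.group(1)):
            findings.append(("medium", f"autorun from user-writable path: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, msg in sorted(analyze_dds(SAMPLE_REPORT), key=lambda f: order[f[0]]):
        print(f"[{sev.upper():6}] {msg}")
```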


#2 IndiGenus

Posted 23 July 2010 - 05:26 PM

Hello Gingerswine and welcome to the forums here at BC.


Sorry for the delay in getting to you here.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 Gingerswine

Posted 25 July 2010 - 01:45 PM

Thanks for finding the time to respond to my post. Please find attached the results of the ComboFix run.

Thanks


#4 IndiGenus

Posted 25 July 2010 - 03:24 PM

Looks like a proxy may be set.

Open Internet Explorer
  • Click Tools then select Internet Options
  • Click on the connections tab and click the Lan Settings button at bottom
  • Uncheck Use a Proxy server for your LAN
  • Click Ok to close the Local Area Network (LAN) Settings window.
  • Click Ok to close the Internet Options window.


+++++++++++++++++++++++

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Let me know how it's running now too please.
IndiGenus



#5 Gingerswine

Posted 26 July 2010 - 12:41 PM

Hi and thanks for the reply.

The proxy setting was already UNCHECKED when I looked so I have left it as it was.

The PC seems to be running OK now and currently the Google redirection and unwanted popups appear to have disappeared. I've run the TDSSKiller program as requested and have pasted the results below.

Thanks

2010/07/26 18:36:23.0812 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/26 18:36:23.0812 ================================================================================
2010/07/26 18:36:23.0812 SystemInfo:
2010/07/26 18:36:23.0812
2010/07/26 18:36:23.0812 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/26 18:36:23.0812 Product type: Workstation
2010/07/26 18:36:23.0812 ComputerName: MAIN-250855BBDE
2010/07/26 18:36:23.0812 UserName: Caroline
2010/07/26 18:36:23.0812 Windows directory: C:\WINDOWS
2010/07/26 18:36:23.0812 System windows directory: C:\WINDOWS
2010/07/26 18:36:23.0812 Processor architecture: Intel x86
2010/07/26 18:36:23.0812 Number of processors: 1
2010/07/26 18:36:23.0812 Page size: 0x1000
2010/07/26 18:36:23.0812 Boot type: Normal boot
2010/07/26 18:36:23.0812 ================================================================================
2010/07/26 18:36:24.0562 Initialize success
2010/07/26 18:36:27.0437 ================================================================================
2010/07/26 18:36:27.0437 Scan started
2010/07/26 18:36:27.0437 Mode: Manual;
2010/07/26 18:36:27.0437 ================================================================================
2010/07/26 18:36:48.0828 ================================================================================
2010/07/26 18:36:48.0828 Scan finished
2010/07/26 18:36:48.0828 ================================================================================


#6 IndiGenus

Posted 26 July 2010 - 01:27 PM

Okay great please run DDS and GMER again, then post the logs.
IndiGenus



#7 Gingerswine

Posted 27 July 2010 - 11:57 AM

Please find attached the results from DDS & GMER. I'm also now having a slight problem with one of the two users on the computer. When the PC is booted up I get a Windows Security Alert saying that Internet Explorer has been blocked. I've attached the screen shot in an attached file as well. I haven't answered yes or no to this yet, simply closed the window down whenever it appears, until you advise if I should answer yes or not. Finally, after running GMER my PC rebooted when I tried to open Internet Explorer. This was before I saved the log file so I had to run GMER again. The second time I made sure I saved the log file but it again rebooted the PC when I tried to start Internet Explorer. Not sure if this is a side effect of running GMER or something else. Internet Explorer seems to work OK if I just boot up the PC, close the warning window I mentioned above, and then open Internet Explorer.

Thanks


DDS (Ver_10-03-17.01) - NTFSx86
Run by Caroline at 21:04:37.50 on 26/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.573 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trust\305KS\Keyboard\KbdAp32A.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Caroline\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://skyid.sky.com/signin/email/
mStart Page = hxxp://search.myheritage.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\caroline\application data\ufxw.exe
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
uRun: [EPSON SX210 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifde.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKCU"
uRun: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] "c:\documents and settings\caroline\application data\xova\qolop.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [FLMK08KB] c:\program files\trust\305ks\keyboard\MMKEYBD.EXE
mRun: [EPSON Stylus D68 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [EMCKEYBOARD] c:\program files\emc\keyboard application\1.2\EMCKBAPP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroline\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\caroline\startm~1\programs\startup\remind~1.lnk - c:\program files\textbridge pro 9.0\bin\ereg\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253299471062
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxps://go.girlguiding.org.uk/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-18 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-18 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-18 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2009-12-31 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-12-31 19072]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-31 722432]
S3 magpsc;magpsc;c:\windows\system32\drivers\magpsc.sys [2010-3-7 53719]

=============== Created Last 30 ================

2010-07-26 19:59:10 0 d-----w- C:\spoolerlogs
2010-07-25 19:00:04 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-25 16:02:22 0 d-sha-r- C:\cmdcons
2010-07-25 15:57:08 98816 ----a-w- c:\windows\sed.exe
2010-07-25 15:57:08 77312 ----a-w- c:\windows\MBR.exe
2010-07-25 15:57:08 256512 ----a-w- c:\windows\PEV.exe
2010-07-25 15:57:08 161792 ----a-w- c:\windows\SWREG.exe
2010-07-16 14:15:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:32:31 0 ----a-w- c:\documents and settings\caroline\defogger_reenable
2010-07-14 14:18:23 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-14 14:18:23 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-14 14:18:23 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-14 14:18:23 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-14 14:18:19 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-14 14:18:18 6144 ----a-w- c:\windows\system32\kbd106.dll

==================== Find3M ====================

2010-07-16 14:15:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 14:13:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-09-18 20:07:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091820090919\index.dat

============= FINISH: 21:06:13.96 ===============

Edited by Gingerswine, 27 July 2010 - 11:58 AM.
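
Reading the Pseudo HJT Report section of a DDS log by hand is what the helper is doing at this point in the thread. The script below is an added example, not part of the thread and not DDS's own code: it applies three rules that fit the entries in the log above (a Winlogon Shell value with anything appended to explorer.exe, Run entries with GUID-style names or targets under the user profile, and "No File" orphans) and ranks each hit. The sample lines are copied from the posted report plus one benign entry; the severity labels and the path heuristics are the example's own assumptions.

```python
import re

# Constructed sample in the format of the DDS "Pseudo HJT Report" above: a few entries
# copied from the posted log plus one benign entry, not the complete report.
SAMPLE_DDS = r"""
uWinlogon: Shell=explorer.exe,c:\documents and settings\caroline\application data\ufxw.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] "c:\documents and settings\caroline\application data\xova\qolop.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
uURLSearchHooks: H - No File
"""

SEVERITY = {"LOW": 1, "HIGH": 2, "CRITICAL": 3}
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Autostart targets under the user profile rather than Program Files / Windows are
# the usual home of droppers that survive reboots (heuristic, not a verdict).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")
EXE_PATH = re.compile(r"^(.*?\.(?:exe|dll|scr|cpl|com|bat))", re.I)


def extract_path(value: str) -> str:
    """Return the executable path from a Run value, with or without quotes and arguments."""
    m = EXE_PATH.match(value.strip().lstrip('"'))
    return (m.group(1) if m else value).lower()


def triage(report: str) -> list:
    """Flag suspicious autostart lines; returns (severity, line, reasons) tuples in report order."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(": ")
        reasons = []
        if kind.endswith("Winlogon"):
            # Shell= should be exactly explorer.exe; anything appended runs at every logon
            m = re.match(r"Shell=(.*)", rest, re.I)
            if m and m.group(1).strip().lower() != "explorer.exe":
                reasons.append(("CRITICAL", "Winlogon Shell value altered"))
        elif kind.endswith("Run"):  # uRun / mRun / dRun
            m = re.match(r"\[(.*?)\]\s*(.*)", rest)
            if m:
                name, path = m.group(1), extract_path(m.group(2))
                if GUID_NAME.match(name):
                    reasons.append(("HIGH", "GUID-named Run entry"))
                if any(seg in path for seg in USER_WRITABLE):
                    reasons.append(("HIGH", "autostart target in user-writable profile location"))
        if rest.rstrip().endswith("No File"):
            reasons.append(("LOW", "orphaned entry, target file missing"))
        if reasons:
            worst = max(reasons, key=lambda r: SEVERITY[r[0]])[0]
            findings.append((worst, line, [r[1] for r in reasons]))
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_DDS):
        print(f"{sev:8} {line}\n         {'; '.join(why)}")
```

Run it against a full DDS report pasted into a file and the Winlogon line comes out first because it is the one entry that cannot be explained by an installed product: every other Run and BHO line has a vendor path, whereas a GUID-named entry under Application Data has none. The heuristics are deliberately narrow; a clean log should produce no CRITICAL or HIGH lines, and a LOW "No File" hit only marks stale registry keys worth tidying.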


#8 IndiGenus

Posted 27 July 2010 - 01:10 PM

Appears you may be having some disk issues. This from the attached DDS report.

QUOTE
25/07/2010 18:10:13, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
Have you run chkdsk on this drive or has it been run by the OS since then? Something to keep an eye on.


While we're at it here I would like to check something else.

Download MBRCheck.exe to your desktop
XP users > double click on MBRCheck.exe to run it
Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clip board
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)

Post the results in your reply
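
What a tool like MBRCheck is examining, as an added worked example that is not MBRCheck's code nor anything posted in the thread: the first sector of a disk holds 440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries and the 0x55AA marker. A verdict such as "Windows XP MBR code detected" rests on comparing the boot code against known samples, and a failed or short raw read is the condition that yields no verdict at all. The boot code bytes, the known-good hash set and the partition layout below are constructed for the example; on a real machine the 512 bytes would come from the physical drive.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def build_mbr(bootcode: bytes, entries: list, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte MBR from boot code, partition entries and the 0x55AA signature."""
    assert len(bootcode) == 440 and len(entries) <= 4
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return bootcode + struct.pack("<IH", disk_sig, 0) + table + BOOT_SIGNATURE


def partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """One 16-byte partition table entry (CHS fields filled with the usual 0xFE 0xFF 0xFF)."""
    flag = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", flag, b"\x01\x01\x00", ptype, b"\xfe\xff\xff", lba_start, sectors)


def parse_mbr(sector: bytes) -> dict:
    """Parse boot code hash, the four partition entries and the boot signature."""
    if len(sector) != SECTOR_SIZE:
        # A short buffer is a failed raw read; refuse rather than guess at the missing bytes
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        flag, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        parts.append({"index": i, "flag": flag, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_sha1": hashlib.sha1(sector[:440]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": parts,
    }


def check_mbr(sector: bytes, known_good: set) -> tuple:
    """Return (parsed, findings); an empty findings list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_sha1"] not in known_good:
        findings.append("boot code hash not in known-good set (possible bootkit or non-standard loader)")
    used = [p for p in info["partitions"] if p["type"] != 0]
    if sum(1 for p in used if p["flag"] == 0x80) != 1:
        findings.append("expected exactly one active partition")
    if any(p["flag"] not in (0x00, 0x80) for p in used):
        findings.append("invalid boot flag in partition table")
    return info, findings


# Constructed sample boot code (placeholder bytes, not a real loader) and its hash,
# standing in for a hash of a known-good Windows XP MBR taken from a clean machine.
SAMPLE_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
KNOWN_GOOD = {hashlib.sha1(SAMPLE_BOOTCODE).hexdigest()}
SAMPLE_MBR = build_mbr(SAMPLE_BOOTCODE, [partition_entry(True, 0x07, 63, 390_700_000)])
# Same partition layout, first bytes of boot code patched: what a bootkit leaves behind
TAMPERED_MBR = b"\xEB\x3C\x90" + SAMPLE_MBR[3:]


if __name__ == "__main__":
    for label, mbr in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info, findings = check_mbr(mbr, KNOWN_GOOD)
        print(label, info["bootcode_sha1"][:12], findings or "no findings")
```

The hash covers only the 440 bytes of code, not the disk signature or partition table, so two machines with the same loader but different disks compare equal, and a loader that has been patched by a single byte does not. On Windows the same 512 bytes come from opening the physical drive (for example `\\.\PhysicalDrive0`) with administrator rights and reading one sector; a read that returns fewer bytes is reported as a failure here rather than being parsed.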


#9 Gingerswine

Posted 27 July 2010 - 03:17 PM

Hello. I hadn't run chkdsk manually or noticed it running automatically when the PC boots up - and it's not hard to miss. So I ran it manually just now in read-only mode (it said there was a problem with the file system) and set it to run automatically when the PC was next booted. I then restarted the PC and chkdsk ran, but I missed what it did (if anything) to resolve the problem with the file system as it rebooted the PC at the end before I could read the screen.

Still getting the message about Internet Explorer being blocked when I first log on and am still just closing the window without replying yes or no.

Results of running MBRCheck attached :-

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive1

Size    Device Name         MBR Status
--------------------------------------------
186 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
465 GB  \\.\PhysicalDrive1  Error reading raw MBR!

Done! Press ENTER to exit...




#10 IndiGenus

Posted 27 July 2010 - 09:21 PM

QUOTE
Hello. I hadn't run chkdsk manually or noticed it running automatically when the PC boots up - and it's not hard to miss. So I ran it manually just now in read-only mode (it said there was a problem with the file system) and set it to run automatically when the PC was next booted. I then restarted the PC and chkdsk ran, but I missed what it did (if anything) to resolve the problem with the file system as it rebooted the PC at the end before I could read the screen.
You should run it and let it fix anything that it finds as bad.

http://support.microsoft.com/kb/315265

QUOTE
Still getting the message about Internet Explorer being blocked when I first log on and am still just closing the window without replying yes or no.
It's actually Windows Explorer, not IE that is being blocked. Which is strange. You still appear to have some infections present so let's get things clean and then see if that still needs to be looked at. Is this user an Admin? Or just a regular user?

Run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



#11 Gingerswine

Posted 28 July 2010 - 12:52 PM

Hello. Firstly the user getting the Windows Explorer blocked message is an Administrator.

Secondly I'm having some problems running OTL. When I ran it the first time I got an error message about no Windows disk. See attached file.

I eventually got OTL to continue by closing this window (Cancel, Try Again, and Continue had no effect). OTL then continued and created the two files as expected. As OTL hadn't run cleanly I decided to try and start again. I deleted both the output files (probably shouldn't have in retrospect) and ran OTL again. I get the same 'no disk' error, but now it will only create the OTL.txt file when it runs and I can't get an Extras.txt file. I've tried rebooting and running OTL again but still get the same error message and can't get an Extras file to be produced. I've therefore included the contents of the original Extras.txt file, which I got out of the Recycle Bin.

Thanks

OTL Extras logfile created on: 28/07/2010 18:18:16 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Caroline\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

991.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 125.21 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
Drive D: | 634.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.65 Gb Total Space | 402.87 Gb Free Space | 86.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN-250855BBDE
Current User Name: Caroline
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.0.2
"{7D9E1A52-7E61-4656-0100-000000000000}" = @trip PC
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9F83CB8-EDD2-448F-86B3-E4E678278500}" = Ancestry Family Tree
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CSCLIB" = Canon Camera Support Core Library
"EMC Keyboard Application" = Keyboard Application 1.2
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User's Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Family Tree Builder" = MyHeritage Family Tree Builder
"GoldWave v5.55" = GoldWave v5.55
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Trust 305KS Wireless Optical Deskset 2.1" = Trust 305KS Wireless Optical Deskset 2.1
"TVAnts 1.0" = TVAnts 1.0
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 27/07/2010 02:41:41 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:41:45 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:41:49 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:41:53 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:41:57 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:42:13 | Computer Name = MAIN-250855BBDE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 27/07/2010 02:42:14 | Computer Name = MAIN-250855BBDE | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON DVDRW SOHW-1673S' (IDE\CdRomLITE-ON_DVDRW_SOHW-1673S________________JS01____\5&2dfcc752&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 27/07/2010 12:43:22 | Computer Name = MAIN-250855BBDE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 27/07/2010 15:56:29 | Computer Name = MAIN-250855BBDE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 28/07/2010 06:14:24 | Computer Name = MAIN-250855BBDE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126


< End of report >

OTL logfile created on: 28/07/2010 18:40:19 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Caroline\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

991.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 125.21 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
Drive D: | 634.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.65 Gb Total Space | 402.87 Gb Free Space | 86.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN-250855BBDE
Current User Name: Caroline
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
PRC - [2010/07/21 09:28:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 15:15:10 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 15:15:01 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 15:15:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 15:14:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 15:13:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 15:13:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/01 22:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 22:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/22 19:07:45 | 000,375,296 | ---- | M] () -- C:\Program Files\Trust\305KS\Keyboard\KBDAP32A.EXE
PRC - [2009/07/14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/07/09 18:10:16 | 001,561,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/09 15:28:52 | 000,376,320 | ---- | M] (EMC) -- C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
PRC - [2004/05/14 08:47:18 | 000,067,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


========== Modules (SafeList) ==========

MOD - [2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 09:28:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 15:14:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2010/07/16 15:15:07 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 15:13:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 09:19:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/30 12:06:02 | 000,722,432 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/04/21 16:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/20 20:19:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/11/20 20:19:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/11/16 23:22:02 | 000,053,719 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\magpsc.sys -- (magpsc)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://skyid.sky.com/signin/email/
IE - HKCU\..\URLSearchHook: *{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{8B0F85F5-DC2B-4252-885A-AEF91DAABDA4}: C:\Documents and Settings\Caroline\Local Settings\Application Data\{8B0F85F5-DC2B-4252-885A-AEF91DAABDA4} [2010/01/28 18:19:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9E32FB12-B052-420F-B246-444999A19055}: C:\Documents and Settings\Julian\Local Settings\Application Data\{9E32FB12-B052-420F-B246-444999A19055} [2010/01/29 21:38:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/25 19:25:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EMCKEYBOARD] C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe (EMC)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Trust\305KS\Keyboard\MMKEYBD.EXE ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] C:\Documents and Settings\Caroline\Application Data\Xova\qolop.exe (Xsqu Ju Iiil Omtx)
O4 - HKCU..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1253299471062 (WUWebControl Class)
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} https://go.girlguiding.org.uk/crystalreport...tiveXViewer.cab (Crystal ActiveX Report Viewer Control 11.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Caroline\Application Data\ufxw.exe) - C:\Documents and Settings\Caroline\Application Data\ufxw.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Caroline\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caroline\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/17 17:27:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/24 10:08:56 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell - "" = AutoRun
O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\AutoRun\command - "" = nano/bananna.exe
O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\explore\command - "" = nano/bananna.exe
O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\open\command - "" = nano/bananna.exe
O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell - "" = AutoRun
O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 18:23:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/28 18:17:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
[2010/07/26 20:59:10 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/25 17:02:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 16:57:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 16:57:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 16:57:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 16:57:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 16:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 16:56:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/22 16:11:12 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Caroline\Desktop\TDSSKiller.exe
[2010/07/16 15:15:00 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\gmer
[2010/06/25 08:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/25 08:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/24 11:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\IObit
[2010/06/20 04:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/20 04:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/19 21:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 21:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/09 10:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\New Folder
[2010/05/26 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\My Documents\WORLD JAMBOREE
[2010/05/15 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\OpenOffice.org
[2010/05/15 12:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/15 12:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/05/15 11:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\Blitware
[2010/05/15 11:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\File Helper
[2010/05/02 08:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Local Settings\Application Data\AskToolbar
[2010/05/01 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/01 20:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/28 18:41:20 | 000,639,488 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\OTL Error.doc
[2010/07/28 18:41:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Caroline\Desktop\~$L Error.doc
[2010/07/28 18:31:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 18:31:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 18:31:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 18:30:00 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Caroline\NTUSER.DAT
[2010/07/28 18:30:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Caroline\ntuser.ini
[2010/07/28 18:29:51 | 005,912,618 | -H-- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\IconCache.db
[2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
[2010/07/28 18:05:02 | 062,660,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/28 18:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/27 20:59:00 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\MBRCheck.exe
[2010/07/27 17:46:03 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\Error Message.doc
[2010/07/27 07:26:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/26 19:36:50 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Weather Forecast.doc
[2010/07/26 18:35:33 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Caroline\Desktop\TDSSKiller.exe
[2010/07/26 18:34:39 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\tdsskiller.zip
[2010/07/26 12:19:28 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Sam's Mill Close List - Filtered.xls
[2010/07/25 23:04:37 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/25 23:04:37 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/25 23:04:37 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/25 19:26:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/25 19:25:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/25 17:02:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/21 23:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/20 11:32:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/16 15:15:07 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 15:15:00 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 15:13:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 17:38:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\gmer.zip
[2010/07/15 17:33:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\dds.scr
[2010/07/15 17:32:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Caroline\defogger_reenable
[2010/07/06 14:53:45 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Norjam hoody order.xls
[2010/06/30 20:14:32 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Guess cake weight.xls
[2010/06/24 13:41:24 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100714-162725.backup
[2010/06/24 11:10:06 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\Spybot - Search & Destroy (2).lnk
[2010/06/20 18:40:10 | 000,000,553 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/20 18:40:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/20 10:43:06 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100624-134124.backup
[2010/06/11 09:05:47 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 06:56:00 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 23:39:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/03 09:19:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 08:52:02 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-104306.backup
[2010/05/19 12:29:31 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Letter to Miss Prince re Sam.doc
[2010/05/15 19:00:30 | 000,035,104 | ---- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/15 12:25:52 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/15 12:18:39 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/15 11:58:59 | 000,016,494 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\home contact sheet.ods
[2010/05/15 11:50:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2010/05/06 10:40:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/04 20:29:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 12:08:26 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Mug.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/28 18:41:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Caroline\Desktop\~$L Error.doc
[2010/07/28 18:41:19 | 000,639,488 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\OTL Error.doc
[2010/07/27 20:58:52 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\MBRCheck.exe
[2010/07/27 17:46:03 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\Error Message.doc
[2010/07/26 19:36:50 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Weather Forecast.doc
[2010/07/26 18:34:32 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\tdsskiller.zip
[2010/07/25 17:02:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/25 17:02:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 16:57:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 16:57:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 16:57:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 16:57:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 16:57:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/15 17:38:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\gmer.zip
[2010/07/15 17:33:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\dds.scr
[2010/07/15 17:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Caroline\defogger_reenable
[2010/07/06 14:53:45 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Norjam hoody order.xls
[2010/06/30 20:14:32 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Guess cake weight.xls
[2010/06/24 11:10:06 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\Spybot - Search & Destroy (2).lnk
[2010/06/10 12:26:28 | 001,133,442 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\004_4.JPG
[2010/05/19 12:29:30 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Letter to Miss Prince re Sam.doc
[2010/05/15 12:25:52 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/15 12:18:39 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/15 11:58:53 | 000,016,494 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\home contact sheet.ods
[2010/05/15 11:50:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2010/05/02 12:08:25 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Mug.doc
[2010/05/01 20:48:15 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 23:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/30 15:02:46 | 000,000,792 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/30 14:35:04 | 000,000,663 | ---- | C] () -- C:\WINDOWS\fe.INI
[2010/03/07 10:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GpsPlatformExe.INI
[2010/01/30 22:02:15 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/31 18:29:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2009/12/31 18:29:50 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2009/12/31 18:29:50 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2009/10/29 15:17:06 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/10/28 18:19:03 | 000,000,886 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2009/10/28 17:40:34 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2009/10/07 20:23:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/07 20:16:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED68PE.ini
[2009/09/22 19:49:06 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/09/19 09:07:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/09/19 08:41:57 | 000,002,731 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/19 08:41:56 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/19 06:50:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/09/18 21:33:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/17 20:38:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/11/14 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/05 18:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/11 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2009/10/28 18:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/12/31 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/03/30 14:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/04/05 18:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/13 19:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/29 17:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Ancestry.com
[2010/05/15 11:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Blitware
[2010/04/05 19:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Epson
[2009/10/29 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\FTW
[2010/06/24 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\IObit
[2010/07/28 17:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Kefaiv
[2010/03/07 18:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Mobile Action
[2009/10/28 17:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\MyHeritage
[2010/05/15 12:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\OpenOffice.org
[2010/07/20 12:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Risaid
[2010/07/22 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Sakui
[2009/10/28 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\The Complete Genealogy Reporter - FTB
[2010/07/19 22:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Uqero
[2010/03/12 14:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Xova
[2010/07/23 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Ykyso
[2010/07/28 18:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >


#12 IndiGenus

Anti-Malware Buddha
Members, 115 posts
Gender: Male
Local time: 06:34 PM

Posted 28 July 2010 - 04:00 PM

QUOTE
Hello. Firstly the user getting the Windows Explorer blocked message is an Administrator.

Okay thanks for letting me know.

QUOTE
Secondly I'm having some problems running OTL. When I ran it the first time I got an error message about no Windows disk. See attached file.

Hmmm? Not sure about that one. Clearly, there is a Windows disk present. I'll check into that.

QUOTE
I eventually got OTL to continue by closing this window (cancel, try again, and continue had no effect). OTL then continued and created the two files as expected. As OTL hadn't run cleanly I decided to try and start again. I deleted both the output files (probably shouldn't have in retrospect) and ran OTL again. I get the same 'no disk' error but now it will only create the OTL.txt file when it runs and I can't get an extras.txt file. I've tried rebooting and running OTL again but still get the same error message and can't get an extras file to be produced. I've therefore included the contents of the original extras.txt file which I got out of the recycle bin.

The extras log is only produced on the first run, unless specified in OTL. The one you posted is fine. Let's continue with the fix. Work around the OTL error for now.


The AskBar.dll (Ask Toolbar) process can be removed to free up resources without compromising system performance. http://vil.nai.com/vil/content/v_146646.htm
QUOTE
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.


To remove go into your Control Panel, then Add or Remove Programs. Uninstall Ask Toolbar.

+++++++++++++++++++++

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKCU\..\URLSearchHook: *{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKCU..\Run: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] C:\Documents and Settings\Caroline\Application Data\Xova\qolop.exe (Xsqu Ju Iiil Omtx)
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Caroline\Application Data\ufxw.exe) - C:\Documents and Settings\Caroline\Application Data\ufxw.exe File not found
    O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell - "" = AutoRun
    O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
    O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\AutoRun\command - "" = nano/bananna.exe
    O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\explore\command - "" = nano/bananna.exe
    O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\open\command - "" = nano/bananna.exe
    O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell - "" = AutoRun
    O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

    :Files
    C:\Documents and Settings\Caroline\Application Data\ufxw.exe
    C:\Documents and Settings\Caroline\Application Data\Xova

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi
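Added example (not part of the thread, and not OTL's or the helper's own code): a small Python triage script that applies the same reasoning behind the fix above to OTL-format log lines. It flags the three persistence patterns the fix targets (a Run value named with a bare GUID or pointing into a user profile's Application Data, a Winlogon Shell that is no longer explorer.exe, and an AutoRun command registered under MountPoints2 for a removable volume), marks orphaned "File not found" entries, and renders the hits in the :OTL / :Files / :Commands layout shown in the fix so a helper can review them before pasting anything into OTL. The heuristics, function names and the sample log lines are my own constructions modelled on the log format seen in this thread; the script is a review aid, and a human still decides what goes into the fix.

```python
import re

# Constructed sample in OTL's line format (modelled on the logs in this thread, not a real log).
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] C:\Documents and Settings\Caroline\Application Data\Xova\qolop.exe (Xsqu Ju Iiil Omtx)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Caroline\Application Data\ufxw.exe) - C:\Documents and Settings\Caroline\Application Data\ufxw.exe File not found
O33 - MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\Shell - "" = AutoRun
O33 - MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\Shell\AutoRun\command - "" = nano/bananna.exe
'''

# Line shapes as OTL prints them (assumed from the logs in this thread).
O4_RE = re.compile(r'^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$')
O20_RE = re.compile(r'^O20 - HK(?:LM|CU) Winlogon: Shell - \((?P<shell>[^)]*)\) - (?P<target>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[0-9a-fA-F-]+\}\\(?P<subkey>.+?) - "" = (?P<command>.*)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^()]*?\.exe', re.IGNORECASE)


def classify_line(line):
    """Return the reasons an OTL log line looks like hostile persistence (empty list if none)."""
    reasons = []
    if line.endswith("File not found"):
        reasons.append("orphaned autostart: target file no longer exists")
    m = O4_RE.match(line)
    if m:
        if GUID_RE.match(m.group("name")):
            reasons.append("Run value named with a bare GUID")
        if "\\application data\\" in m.group("target").lower():
            reasons.append("autostart executable lives in a user profile's Application Data")
        return reasons
    m = O20_RE.match(line)
    if m:
        # Winlogon Shell is the process started at logon; anything but explorer.exe is a hijack.
        if m.group("shell").lower() != "explorer.exe":
            reasons.append("Winlogon Shell replaced (should be explorer.exe)")
        return reasons
    m = O33_RE.match(line)
    if m and m.group("subkey").lower().endswith("\\command"):
        reasons.append("AutoRun command registered for a removable volume")
    return reasons


def triage(log_text):
    """Run classify_line over every non-blank line; return [(line, reasons)] for flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = classify_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


def profile_executables(line):
    """Absolute .exe paths on the line that sit under a user profile's Application Data."""
    return {p for p in PATH_RE.findall(line) if "\\application data\\" in p.lower()}


def build_otl_fix(findings):
    """Render findings in the :OTL / :Files / :Commands layout used by the fix in this thread."""
    files = sorted({p for line, _ in findings for p in profile_executables(line)})
    out = [":OTL", *[line for line, _ in findings], ""]
    if files:
        out += [":Files", *files, ""]
    out += [":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line, reasons in hits:
        print(line)
        for r in reasons:
            print("   ->", r)
    print()
    print(build_otl_fix(hits))
```

On the constructed sample the script flags three of the seven lines: the GUID-named Run value in Application Data, the Winlogon Shell entry (both replaced and orphaned), and the MountPoints2 AutoRun command; the AVG, Epson and explorer.exe entries pass. The generated :Files section lists the user-profile executables only, so a reviewer still adds parent folders (as the helper did with the Xova directory) and the remaining MountPoints2 subkeys by hand.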


#13 Gingerswine

Gingerswine
  • Topic Starter

  • Members
  • 12 posts

Posted 29 July 2010 - 03:02 PM

OK - firstly the message about Windows Explorer being blocked no longer appears. Great!

Secondly I can't see Ask Toolbar on the list of programs so I can't uninstall it. I double checked the list of programs under Add / Remove and couldn't see it or anything even vaguely named the same anywhere.

I ran OTL again with the fix code you listed. It errored again with the no disk error which I got through. When it had completed it produced a 07282010_223313.txt log file. I've pasted the contents of this below. The OTL.txt file didn't get updated.

Thanks

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}\ not found.
C:\Documents and Settings\Caroline\Application Data\Xova\qolop.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Caroline\Application Data\ufxw.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{076a6134-2386-11df-af14-00081073cf94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{076a6134-2386-11df-af14-00081073cf94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{076a6134-2386-11df-af14-00081073cf94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{076a6134-2386-11df-af14-00081073cf94}\ not found.
File F:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ not found.
File nano/bananna.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ not found.
File nano/bananna.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2301086f-a7a5-11de-a1e2-00115b9e5a70}\ not found.
File nano/bananna.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67830625-0a72-11df-aef2-00081073cf94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67830625-0a72-11df-aef2-00081073cf94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67830625-0a72-11df-aef2-00081073cf94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67830625-0a72-11df-aef2-00081073cf94}\ not found.
File G:\LaunchU3.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Caroline\Application Data\ufxw.exe not found.
C:\Documents and Settings\Caroline\Application Data\Xova folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Caroline
->Temp folder emptied: 10512209 bytes
->Temporary Internet Files folder emptied: 313154615 bytes
->Java cache emptied: 62206957 bytes
->Flash cache emptied: 64076 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Julian
->Temp folder emptied: 1843296 bytes
->Temporary Internet Files folder emptied: 15493735 bytes
->Java cache emptied: 10682604 bytes
->Flash cache emptied: 8023 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 524422 bytes
->Flash cache emptied: 5228 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1130630 bytes
->Java cache emptied: 62697 bytes
->Flash cache emptied: 12680 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15222488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 201150 bytes

Total Files Cleaned = 413.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07282010_223313

Files\Folders moved on Reboot...
C:\Documents and Settings\Caroline\Local Settings\Temporary Internet Files\Content.IE5\DE5T26CM\iframe[1].htm moved successfully.
C:\Documents and Settings\Caroline\Local Settings\Temporary Internet Files\Content.IE5\DBRWO7AF\topic332489[1].htm moved successfully.

Registry entries deleted on Reboot...


#14 IndiGenus

IndiGenus

    Anti-Malware Buddha


  • Members
  • 115 posts
  • Gender:Male

Posted 29 July 2010 - 07:26 PM

Okay great, I think we're getting there. Please do a fresh run with OTL and post the log (there will be only the one).

IndiGenus



#15 Gingerswine

Gingerswine
  • Topic Starter

  • Members
  • 12 posts

Posted 30 July 2010 - 09:25 AM

Hello. Results of OTL scan attached below. It ran without the 'No Disk' error appearing.

Thanks

OTL logfile created on: 30/07/2010 14:15:59 - Run 6
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Caroline\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

991.00 Mb Total Physical Memory | 630.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 125.60 Gb Free Space | 67.42% Space Free | Partition Type: NTFS
Drive D: | 634.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.65 Gb Total Space | 402.87 Gb Free Space | 86.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN-250855BBDE
Current User Name: Caroline
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
PRC - [2010/07/21 09:28:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 15:15:10 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 15:15:01 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 15:15:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 15:14:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 15:13:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 15:13:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/01 22:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 22:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/22 19:07:45 | 000,375,296 | ---- | M] () -- C:\Program Files\Trust\305KS\Keyboard\KBDAP32A.EXE
PRC - [2009/07/14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/07/09 18:10:16 | 001,561,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/09 15:28:52 | 000,376,320 | ---- | M] (EMC) -- C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
PRC - [2004/05/14 08:47:18 | 000,067,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


========== Modules (SafeList) ==========

MOD - [2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 09:28:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 15:14:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2010/07/16 15:15:07 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 15:13:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 09:19:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/30 12:06:02 | 000,722,432 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/04/21 16:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2008/11/20 20:19:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/11/20 20:19:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/11/16 23:22:02 | 000,053,719 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\magpsc.sys -- (magpsc)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://skyid.sky.com/signin/email/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{8B0F85F5-DC2B-4252-885A-AEF91DAABDA4}: C:\Documents and Settings\Caroline\Local Settings\Application Data\{8B0F85F5-DC2B-4252-885A-AEF91DAABDA4} [2010/01/28 18:19:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9E32FB12-B052-420F-B246-444999A19055}: C:\Documents and Settings\Julian\Local Settings\Application Data\{9E32FB12-B052-420F-B246-444999A19055} [2010/01/29 21:38:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/25 19:25:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EMCKEYBOARD] C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe (EMC)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Trust\305KS\Keyboard\MMKEYBD.EXE ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [{03E1AB22-CF8F-2F0D-0D0F-32C1188FA331}] C:\Documents and Settings\Caroline\Application Data\Xova\qolop.exe File not found
O4 - HKCU..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1253299471062 (WUWebControl Class)
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} https://go.girlguiding.org.uk/crystalreport...tiveXViewer.cab (Crystal ActiveX Report Viewer Control 11.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (c:\documents) - File not found
O20 - HKCU Winlogon: Shell - (and) - File not found
O20 - HKCU Winlogon: Shell - (settings\caroline\application) - File not found
O20 - HKCU Winlogon: Shell - (data\ufxw.exe) - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Caroline\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caroline\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/17 17:27:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/24 10:08:56 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 22:33:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/28 18:23:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/28 18:17:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
[2010/07/26 20:59:10 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/25 17:02:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 16:57:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 16:57:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 16:57:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 16:57:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 16:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 16:56:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/22 16:11:12 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Caroline\Desktop\TDSSKiller.exe
[2010/07/16 15:15:00 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\gmer
[2010/06/25 08:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/25 08:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/24 11:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\IObit
[2010/06/20 04:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/20 04:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/19 21:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 21:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/09 10:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\New Folder
[2010/05/26 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\My Documents\WORLD JAMBOREE
[2010/05/15 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\OpenOffice.org
[2010/05/15 12:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/15 12:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/05/15 11:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Application Data\Blitware
[2010/05/15 11:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\File Helper
[2010/05/02 08:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caroline\Local Settings\Application Data\AskToolbar
[2010/05/01 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/01 20:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire

========== Files - Modified Within 90 Days ==========

[2010/07/30 14:13:55 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\NORJAM TENT DUTIES.doc
[2010/07/30 14:13:37 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Caroline\NTUSER.DAT
[2010/07/30 14:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/30 12:34:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/30 08:29:39 | 062,737,703 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/30 07:58:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/30 06:42:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 06:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 22:58:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Caroline\ntuser.ini
[2010/07/29 22:58:46 | 005,913,070 | -H-- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\IconCache.db
[2010/07/28 23:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 18:41:20 | 000,639,488 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\OTL Error.doc
[2010/07/28 18:17:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caroline\Desktop\OTL.exe
[2010/07/27 20:59:00 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\MBRCheck.exe
[2010/07/27 17:46:03 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\Error Message.doc
[2010/07/26 19:36:50 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Weather Forecast.doc
[2010/07/26 18:35:33 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Caroline\Desktop\TDSSKiller.exe
[2010/07/26 18:34:39 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\tdsskiller.zip
[2010/07/26 12:19:28 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Sam's Mill Close List - Filtered.xls
[2010/07/25 23:10:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 23:04:37 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/25 23:04:37 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/25 23:04:37 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/25 19:26:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/25 19:25:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/25 17:02:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/20 11:32:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/16 15:15:07 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 15:15:00 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 15:13:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 17:38:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\gmer.zip
[2010/07/15 17:33:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\dds.scr
[2010/07/15 17:32:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Caroline\defogger_reenable
[2010/07/06 14:53:45 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Norjam hoody order.xls
[2010/06/30 20:14:32 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Guess cake weight.xls
[2010/06/24 13:41:24 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100714-162725.backup
[2010/06/24 11:10:06 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Caroline\Desktop\Spybot - Search & Destroy (2).lnk
[2010/06/20 18:40:10 | 000,000,553 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/20 18:40:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/20 10:43:06 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100624-134124.backup
[2010/06/11 09:05:47 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 06:56:00 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 09:19:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/23 08:52:02 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-104306.backup
[2010/05/19 12:29:31 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Letter to Miss Prince re Sam.doc
[2010/05/15 19:00:30 | 000,035,104 | ---- | M] () -- C:\Documents and Settings\Caroline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/15 12:25:52 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/15 12:18:39 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/15 11:58:59 | 000,016,494 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\home contact sheet.ods
[2010/05/15 11:50:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2010/05/06 10:40:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/04 20:29:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 12:08:26 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Caroline\My Documents\Mug.doc

========== Files Created - No Company Name ==========

[2010/07/30 14:13:55 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\NORJAM TENT DUTIES.doc
[2010/07/28 18:41:19 | 000,639,488 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\OTL Error.doc
[2010/07/27 20:58:52 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\MBRCheck.exe
[2010/07/27 17:46:03 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\Error Message.doc
[2010/07/26 19:36:50 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Weather Forecast.doc
[2010/07/26 18:34:32 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\tdsskiller.zip
[2010/07/25 17:02:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/25 17:02:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 16:57:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 16:57:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 16:57:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 16:57:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 16:57:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/15 17:38:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\gmer.zip
[2010/07/15 17:33:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\dds.scr
[2010/07/15 17:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Caroline\defogger_reenable
[2010/07/06 14:53:45 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Norjam hoody order.xls
[2010/06/30 20:14:32 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Guess cake weight.xls
[2010/06/24 11:10:06 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\Caroline\Desktop\Spybot - Search & Destroy (2).lnk
[2010/06/10 12:26:28 | 001,133,442 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\004_4.JPG
[2010/05/19 12:29:30 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Letter to Miss Prince re Sam.doc
[2010/05/15 12:25:52 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Caroline\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/15 12:18:39 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/15 11:58:53 | 000,016,494 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\home contact sheet.ods
[2010/05/15 11:50:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2010/05/02 12:08:25 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Caroline\My Documents\Mug.doc
[2010/05/01 20:48:15 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 23:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/30 15:02:46 | 000,000,792 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/30 14:35:04 | 000,000,663 | ---- | C] () -- C:\WINDOWS\fe.INI
[2010/03/07 10:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GpsPlatformExe.INI
[2010/01/30 22:02:15 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/31 18:29:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2009/12/31 18:29:50 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2009/12/31 18:29:50 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2009/10/29 15:17:06 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/10/28 18:19:03 | 000,000,886 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2009/10/28 17:40:34 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2009/10/07 20:23:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/07 20:16:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED68PE.ini
[2009/09/22 19:49:06 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/09/19 09:07:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/09/19 08:41:57 | 000,002,731 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/19 08:41:56 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/09/19 06:50:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/09/18 21:33:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/17 20:38:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/11/14 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/05 18:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/11 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2009/10/28 18:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/12/31 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/03/30 14:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/04/05 18:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/13 19:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/29 17:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Ancestry.com
[2010/05/15 11:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Blitware
[2010/04/05 19:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Epson
[2009/10/29 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\FTW
[2010/06/24 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\IObit
[2010/07/28 22:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Kefaiv
[2010/03/07 18:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Mobile Action
[2009/10/28 17:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\MyHeritage
[2010/05/15 12:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\OpenOffice.org
[2010/07/20 12:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Risaid
[2010/07/22 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Sakui
[2009/10/28 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\The Complete Genealogy Reporter - FTB
[2010/07/19 22:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Uqero
[2010/07/23 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caroline\Application Data\Ykyso
[2010/07/30 14:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >