Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HiJack This Log


  • Please log in to reply
19 replies to this topic

#1 Bish

Bish

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 19 January 2011 - 11:21 AM

The computer seems to be working on its own sometimes (opening programs), no speed issues, programs open up with good speed but recently the keyboard seems to be 4-5 seconds behind what I've typed, and recently takes 20-30mins to shut down. I've no idea whats causing the problem and I've been directed here. Please help, its very much appreciated!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:05, on 19/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dcu.ie:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVAST Software - (no file)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVAST Software - (no file)
O23 - Service: AVG WatchDog (avg9wd) - AVAST Software - (no file)
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12480 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:57 AM

Posted 24 January 2011 - 12:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 25 January 2011 - 05:17 PM

Hi, thanks for getting back to me.
As requested the information is below. Thank You

As previously mentioned the problems I'm experiencing are sudden performance loss. The laptop was fine one day and the next it became very unresponsive. The keyboard seems to be 4-5 seconds behind what i'm typing.

DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Joe Bish at 21:16:45.64 on 25/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.132 [GMT 0:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Joe Bish\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
uSearch Page =
uSearch Bar =
uDefault_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.dcu.ie:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [REGSHAVE] "c:\program files\regshave\REGSHAVE.EXE" /AUTORUN
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joebis~1\applic~1\mozilla\firefox\profiles\xld9zehg.default\
FF - prefs.js: network.proxy.ftp - proxy.dcu.ie
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.dcu.ie
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.dcu.ie
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.dcu.ie
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.dcu.ie
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-23 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-23 17744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-23 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110125.003\NAVENG.SYS [2011-1-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110125.003\NAVEX15.SYS [2011-1-25 1360760]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 AVGIDSDriverxpx;AVG9IDSDriver; [x]
S3 AVGIDSFilterxpx;AVG9IDSFilter; [x]
S3 AVGIDSShimxpx;AVG9IDSShim; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2011-01-19 13:39:21 -------- d-----w- c:\program files\uTorrent

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 21:34:44.93 ===============

Attached Files



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 26 January 2011 - 08:28 AM

Hi Bish.


Step 1
It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Symantec Endpoint Protection.

I see you have already removed AVG.
But there's still files etc showing in the report.

To remove AVG go to:
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

download to your desktop.
then double click to start the uninstaller.

Step 2
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
.

.
Posted Image
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    Posted Image
    .
  • Click the Run Scan button.

    Posted Image
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


In your next reply, please submit:
Both reports from OTL


Thanks.

BBPP6nz.png


#5 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 26 January 2011 - 10:42 AM

Hi Starbuck,
Thanks for the reply, did everything you said, removed the remaining parts of AVG and also uninstalled Avast. Below are the results from the OTL Scan. I've also attached them if it makes it any easier. Thanks! I really appreciate your help!

OTL.txt:
OTL logfile created on: 26/01/2011 15:25:52 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Joe Bish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.80 Gb Total Space | 24.46 Gb Free Space | 46.32% Space Free | Partition Type: NTFS

Computer Name: JOE | User Name: Joe Bish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe Bish\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Joe Bish\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (lxcc_device) -- C:\WINDOWS\System32\lxcccoms.exe (Lexmark International, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110125.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110125.003\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.dcu.ie:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "proxy.dcu.ie"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.dcu.ie"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.dcu.ie"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.dcu.ie"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.dcu.ie"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 19:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 15:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/24 22:19:25 | 000,000,000 | ---D | M]

[2010/11/24 18:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Extensions
[2010/06/18 19:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/24 18:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Firefox\Profiles\xld9zehg.default\extensions
[2011/01/25 20:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/12 18:04:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/18 15:38:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/10 12:02:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/02/19 10:37:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/25 00:32:17 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/11/25 00:32:17 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/10/25 22:29:32 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} http://www.tvlution.com/KooPlayer.ocx (KooPlayer Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (Reg Error: Key error.)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Joe Bish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe Bish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{365f50d7-2101-11de-a473-0015c5c7afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{365f50d7-2101-11de-a473-0015c5c7afc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41ba6c76-5d16-11de-a4af-0015c5c7afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{41ba6c76-5d16-11de-a4af-0015c5c7afc6}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wltrysvc"
MsConfig - Services: "NICCONFIGSVC"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dlcxmon.exe - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Dell PC Fax\fm3032.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: lxccmon.exe - hkey= - key= - C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
MsConfig - StartUpReg: ModemOnHold - hkey= - key= - C:\Program Files\NetWaiting\netwaiting.exe ()
MsConfig - StartUpReg: NSLauncher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PcSync - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 15:04:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe Bish\Desktop\OTL.scr
[2011/01/26 15:03:44 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Joe Bish\Desktop\avgremover.exe
[2011/01/26 15:02:40 | 000,157,232 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Joe Bish\Desktop\aswclear5.exe
[2011/01/19 14:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Michael Jackson - Michael (2010)
[2011/01/19 13:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Rihanna - Loud CDRip -2010- [MJN]
[2011/01/19 13:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2006/11/25 14:06:44 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/11/25 14:06:44 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/11/25 14:06:44 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2006/11/25 14:06:44 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/11/25 14:06:44 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/11/25 14:06:44 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/11/25 14:06:44 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/11/25 14:06:44 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/11/25 14:06:44 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/11/25 14:06:44 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/11/25 14:06:44 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/01/26 15:19:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/26 15:17:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
[2011/01/26 15:16:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/26 15:16:38 | 937,537,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/26 15:13:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/26 15:04:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe Bish\Desktop\OTL.scr
[2011/01/26 15:03:53 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Joe Bish\Desktop\avgremover.exe
[2011/01/26 15:02:42 | 000,157,232 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Joe Bish\Desktop\aswclear5.exe
[2011/01/26 13:35:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/01/26 10:01:45 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C59F053A-A0CF-4032-8437-BEE3507BB877}.job
[2011/01/25 21:37:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joe Bish\defogger_reenable
[2011/01/25 21:36:27 | 000,004,605 | ---- | M] () -- C:\Documents and Settings\Joe Bish\Desktop\Attach.zip
[2011/01/25 21:20:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Joe Bish\Desktop\Defogger.exe
[2011/01/25 21:15:51 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Joe Bish\Desktop\dds.scr
[2011/01/19 16:03:10 | 000,014,690 | ---- | M] () -- C:\Documents and Settings\Joe Bish\My Documents\cc_20110119_160254.reg
[2011/01/17 12:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

========== Files Created - No Company Name ==========

[2011/01/25 21:38:16 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\gmer.exe
[2011/01/25 21:37:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joe Bish\defogger_reenable
[2011/01/25 21:36:27 | 000,004,605 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\Attach.zip
[2011/01/25 21:18:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\Defogger.exe
[2011/01/25 21:15:31 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\dds.scr
[2011/01/19 16:03:02 | 000,014,690 | ---- | C] () -- C:\Documents and Settings\Joe Bish\My Documents\cc_20110119_160254.reg
[2009/12/17 20:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/09/07 18:03:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2009/09/07 18:03:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2009/09/07 18:00:54 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/08/21 17:13:54 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/06/26 11:21:47 | 000,000,246 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/12 09:21:12 | 000,000,066 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2007/12/11 22:34:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 22:32:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/14 03:12:46 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/22 19:59:14 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/08 12:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/03/06 00:26:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/02/28 23:37:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/21 17:11:29 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/31 14:56:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/12/31 14:56:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/12/31 14:54:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2006/12/25 13:54:25 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 13:54:25 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\6A5308F84B.sys
[2006/12/25 10:09:02 | 000,005,772 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Application Data\wklnhst.dat
[2006/12/25 10:01:35 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Local Settings\Application Data\fusioncache.dat
[2006/11/25 14:44:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/25 14:38:01 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/25 14:30:34 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/25 14:06:44 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/11/25 14:06:44 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/11/25 14:06:44 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/11/25 14:06:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/11/25 14:06:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/11/25 14:06:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/11/25 14:06:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/11/25 14:06:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/11/25 14:06:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/11/25 14:06:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/11/25 14:06:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/11/25 14:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/11/25 14:06:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/11/25 14:06:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/11/25 14:06:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/11/25 14:06:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/25 14:06:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/25 14:05:46 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/23 22:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/26 15:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/11/23 21:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/11/24 12:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/20 22:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/11/20 22:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/11/24 18:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/25 23:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/02/28 23:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/01/06 12:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/09 21:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/03/26 12:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/15 11:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/17 16:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/09 08:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Datalayer
[2007/01/07 00:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\FUJIFILM
[2006/12/25 15:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Leadertech
[2009/04/23 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Magnet Entertainment
[2007/02/07 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\MSNInstaller
[2007/12/25 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Nokia
[2008/11/30 17:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\NSeries
[2007/03/07 16:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\PC Suite
[2009/01/06 12:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\ScanSoft
[2008/12/09 21:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Sports Interactive
[2006/12/25 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Template
[2010/06/18 19:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Bish\Application Data\Thunderbird
[2011/01/17 12:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/26 13:35:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/01/26 10:01:45 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C59F053A-A0CF-4032-8437-BEE3507BB877}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 15:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/06/18 15:48:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/06/18 15:48:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/18 15:48:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/06/18 15:48:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/05/09 17:07:18 | 000,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/05/09 17:08:00 | 000,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2008/05/09 17:08:02 | 000,357,760 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/11/14 03:12:48 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/05/09 17:09:58 | 000,091,520 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2008/03/12 15:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2008/05/12 00:38:34 | 000,038,632 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WGX.SYS
[2008/05/09 17:08:14 | 000,040,832 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WpsHelper.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >


Extras.Txt:
OTL Extras logfile created on: 26/01/2011 15:25:52 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Joe Bish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.80 Gb Total Space | 24.46 Gb Free Space | 46.32% Space Free | Partition Type: NTFS

Computer Name: JOE | User Name: Joe Bish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Magnet Entertainment\Magnet PCTV\Magnet PCTV.exe" = C:\Program Files\Magnet Entertainment\Magnet PCTV\Magnet PCTV.exe:*:Enabled:Magnet PCTV -- (Magnet Entertainment)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3BBF72B-67F9-40A9-B7B5-8B53260B1CB2}" = Magnet PCTV
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"Football Manager 2009" = Football Manager 2009
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F3BBF72B-67F9-40A9-B7B5-8B53260B1CB2}" = Magnet PCTV
"Lexmark 3300 Series" = Lexmark 3300 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Veetle TV" = Veetle TV 0.9.14
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2011 15:57:19 | Computer Name = JOE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 25/01/2011 17:41:44 | Computer Name = JOE | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15530, faulting module
gmer.exe, version 1.0.15.15530, fault address 0x0000c551.

Error - 25/01/2011 17:41:53 | Computer Name = JOE | Source = Application Error | ID = 1001
Description = Fault bucket -2116861254.

Error - 26/01/2011 05:59:32 | Computer Name = JOE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 26/01/2011 07:11:19 | Computer Name = JOE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 26/01/2011 07:41:58 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2011 07:42:36 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2011 08:04:07 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2011 08:38:04 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2011 10:53:43 | Computer Name = JOE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7002
Description = The AVG9IDSAgent service depends on the AVGIDSDriver group and no
member of this group started.

Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%3

Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%3

Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 26/01/2011 10:55:18 | Computer Name = JOE | Source = Service Control Manager | ID = 7001
Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
service which failed to start because of the following error: %%3

Error - 26/01/2011 11:08:47 | Computer Name = JOE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 26/01/2011 11:08:47 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 26/01/2011 11:18:26 | Computer Name = JOE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 26/01/2011 11:18:26 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053


< End of report >

Attached Files



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 28 January 2011 - 02:03 PM

Hi Bish,

Sorry for the delay, i thought i'd replied but obviously hadn't.

Step 1
Double click on OTL.exe to run it.
Copy the lines in bold below. (make sure that :Otl is on the first line )

:otl
SRV - (AVG Security Toolbar Service) -- File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - Reg Error: Value error. File not found
[2011/01/26 15:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/11/23 21:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/11/24 12:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    Posted Image
  • Click the red Run Fix button.

    Posted Image
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 23 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE).
  • Click the "Download JRE" button to the right.
  • select 'Windows' from the Platform down arrow.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 21

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.

In your next reply, please submit:
Otl fix report
and let me know how the system is running.


Thanks.

Edited by Starbuck, 28 January 2011 - 02:06 PM.

BBPP6nz.png


#7 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 28 January 2011 - 05:43 PM

Hey Starbuck,

No worries about the delay, I really appreciate you taking your time responding to me at all! Ive done the OTL fix and he results are below & attached.

The laptop is running much faster than before but in webpages the text can still be slow to appear on screen, I can have a username or password or url fully typed but when i look at the screen the keys are still slowly appearing on in the text field.

Another thing ive only noticed is the USB & SD slots have stopped working in the last number of weeks. Thank you so much for the work you've done so far!

All processes killed
========== OTL ==========
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}
C:\WINDOWS\Downloaded Program Files\igloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG8_TRAY\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG9_TRAY\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\9a782bad782b86db folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Chjw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Lsdb\Prev folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Lsdb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\profile folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\8 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\7 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\6 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\4 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\1 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox\0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\outbox folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\malwareprofile folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\download folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\Config\EN_US folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\IDS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Antispam folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Joe Bish\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Joe Bish\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joe Bish
->Temp folder emptied: 10553260 bytes
->Temporary Internet Files folder emptied: 5350718 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54871431 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 13232 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5208789 bytes
->Flash cache emptied: 1040 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 920881 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82584 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35201 bytes
RecycleBin emptied: 4771426 bytes

Total Files Cleaned = 78.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Joe Bish
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01282011_193010

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_400.dat not found!

Registry entries deleted on Reboot...

Attached Files



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 29 January 2011 - 11:23 AM

Hi Bish,

Another thing ive only noticed is the USB & SD slots have stopped working in the last number of weeks.

Take a look here, see if this helps:

http://support.microsoft.com/kb/817900

Let's take a closer look at things and make sure we have everything covered.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

Posted Image


Posted Image

This is an example, you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista or Win7, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Thanks

BBPP6nz.png


#9 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 31 January 2011 - 11:08 AM

Hi, I did the combofix scan. It told me I still had AVG anti-virus running and to disable it. I ran the avg-remover tool again and it proceeded. Thank You. I have pasted the results below:

ComboFix 11-01-30.02 - Joe Bish 31/01/2011 15:12:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.430 [GMT 0:00]
Running from: c:\documents and settings\Joe Bish\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\dat.txt
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\search_res.txt
c:\windows\system32\logs
c:\windows\system32\logs\Events.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-28 20:04 . 2011-01-28 20:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-28 19:30 . 2011-01-28 19:30 -------- d-----w- C:\_OTL
2011-01-19 13:39 . 2011-01-26 14:59 -------- d-----w- c:\program files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-28 20:04 . 2010-06-18 15:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2004-08-10 13:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 12:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 12:51 385024 ----a-w- c:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-02 1862456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-09-22 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 17:20 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-28 21:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2006-06-14 00:51 286720 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-14 22:03 307200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 20:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-07-21 00:16 192512 ----a-w- c:\program files\Lexmark 3300 Series\LXCCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-26 23:34 299008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-16 16:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-28 21:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Magnet Entertainment\\Magnet PCTV\\Magnet PCTV.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/11/2007 03:12 685816]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09/08/2008 13:42 29808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/11/2010 19:01 102448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-01-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2011-01-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{C59F053A-A0CF-4032-8437-BEE3507BB877}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.dcu.ie:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Joe Bish\Application Data\Mozilla\Firefox\Profiles\xld9zehg.default\
FF - prefs.js: network.proxy.ftp - proxy.dcu.ie
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.dcu.ie
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.dcu.ie
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.dcu.ie
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.dcu.ie
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\0.log 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(5400)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\fxssvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Symantec\Symantec Endpoint Protection\DoScan.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Symantec\Symantec Endpoint Protection\SavUI.exe
.
**************************************************************************
.
Completion time: 2011-01-31 15:48:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-31 15:48

Pre-Run: 27,611,607,040 bytes free
Post-Run: 27,473,666,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 670A8BC41A9A1858583A46F1DF08EDC0

#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 31 January 2011 - 07:26 PM

Hi Bish.

It told me I still had AVG anti-virus running and to disable it

Yes, AVG is a pig to get rid of sometimes.
There's still some entries in the CF report, we'll take care of those now.

How did you get on with the USB ports? ... any luck?

Do you know anything about this proxy:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.dcu.ie:8080

It's not being used now by IE but was in the past.
Was it something you used?
It also has entries in Firefox.
If it's not used anymore we can remove the entries, but i wanted to check with you first.


Step 1
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
SecCenter:: 
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Driver::
Avgfwdx

File::
c:\windows\system32\DRIVERS\avgfwdx.sys

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.
Posted Image

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash


Step 2
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the Posted Image button.
  • Click Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


In your next reply, please submit:
Combofix.txt
eset scan report

and let me know about the questions at the beginning.


Thanks.

BBPP6nz.png


#11 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 01 February 2011 - 12:15 AM

Hey Starbuck, how's it going?

I tried all the methods on the microsoft site for the USB fixes including the workaround & none of them worked. The option to use Device manager to scan for Hardware changes made the device manager non responsive and the same thing happened when I tried to disable & re-enable the USB controller, the device manager window sits non-responding.

That proxy is from when i was staying on campus at University. The IT department in university most likely installed it when I lived there. That can be removed, I dont need it anymore.

I've posted the ComboFix log below but there was no threats found in the ESETScan (I ran it twice to be sure) so nothing to export to a text file as a report so i've pasted the log in that was in the folder you specified, Thanks for this help:

ComboFix Log:
ComboFix 11-01-30.02 - Joe Bish 01/02/2011 0:54.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.420 [GMT 0:00]
Running from: c:\documents and settings\Joe Bish\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Joe Bish\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\DRIVERS\avgfwdx.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx


((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-01-31 15:05 . 2011-01-31 15:48 -------- d-----w- C:\Combo-Fix
2011-01-28 20:04 . 2011-01-28 20:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-28 19:30 . 2011-01-28 19:30 -------- d-----w- C:\_OTL
2011-01-19 13:39 . 2011-01-26 14:59 -------- d-----w- c:\program files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-28 20:04 . 2010-06-18 15:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2004-08-10 13:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 12:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 12:51 385024 ----a-w- c:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-11-02 1862456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-09-22 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 17:20 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-28 21:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2006-06-14 00:51 286720 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-14 22:03 307200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 20:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-07-21 00:16 192512 ----a-w- c:\program files\Lexmark 3300 Series\LXCCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-26 23:34 299008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-16 16:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-28 21:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Magnet Entertainment\\Magnet PCTV\\Magnet PCTV.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/11/2007 03:12 685816]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09/08/2008 13:42 29808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/11/2010 19:01 102448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 13:55 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-02-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2011-02-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{C59F053A-A0CF-4032-8437-BEE3507BB877}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.dcu.ie:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Joe Bish\Application Data\Mozilla\Firefox\Profiles\xld9zehg.default\
FF - prefs.js: network.proxy.ftp - proxy.dcu.ie
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.dcu.ie
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.dcu.ie
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.dcu.ie
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.dcu.ie
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 01:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(4500)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2011-02-01 01:14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-01 01:14
ComboFix2.txt 2011-01-31 15:48

Pre-Run: 27,463,692,288 bytes free
Post-Run: 27,457,703,936 bytes free

- - End Of File - - 463D0B1B15BE0A435646516729FBD7CE



ESETScan Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=70363822601e074287b36b130202b9ff
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-01 03:11:02
# local_time=2011-02-01 03:11:02 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 472425 472425 0 0
# compatibility_mode=8192 67108863 100 0 4355 4355 0 0
# scanned=93980
# found=0
# cleaned=0
# scan_time=6043
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=70363822601e074287b36b130202b9ff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-01 04:57:57
# local_time=2011-02-01 04:57:57 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 478713 478713 0 0
# compatibility_mode=8192 67108863 100 0 10643 10643 0 0
# scanned=94000
# found=0
# cleaned=0
# scan_time=6170

#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 01 February 2011 - 05:30 AM

Hi Bish,

That proxy is from when i was staying on campus at University. The IT department in university most likely installed it when I lived there. That can be removed, I dont need it anymore.

Ok, thanks. I could see it was a legit proxy, that's why i wanted to check with you.

I tried all the methods on the microsoft site for the USB fixes including the workaround & none of them worked.

Do you have the XP Installation disc?
This being a Dell m/c .... probably not.
But this is still worth trying.

Try running the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged, altered or missing, it restores the correct version of the file from the cache folder.
You must be logged on as an administrator or as a member of the Administrators group to run sfc and it may ask you to insert your XP Installation CD ..so have it available.

Use Task Manager ... New Task... and type: sfc /scannow

Make sure that you include a space between the c and /.
This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files.

Also:

Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Thanks

Edited by Starbuck, 01 February 2011 - 05:35 AM.

BBPP6nz.png


#13 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 01 February 2011 - 06:45 AM

Hi,
I don't have the XP installation disc. Can I still run the System File Checker? I see in your post that the sfc may ask for the disc so I was afraid to run it. Can I run it without the installation disc?
I ran the OTL as requested and the two logs are posted below. Thanks very much!

OTL.txt:
OTL logfile created on: 01/02/2011 11:32:55 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Joe Bish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 434.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.80 Gb Total Space | 25.45 Gb Free Space | 48.20% Space Free | Partition Type: NTFS

Computer Name: JOE | User Name: Joe Bish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe Bish\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Joe Bish\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (lxcc_device) -- C:\WINDOWS\System32\lxcccoms.exe (Lexmark International, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110131.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110131.019\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1061125

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.dcu.ie:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "proxy.dcu.ie"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.dcu.ie"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.dcu.ie"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.dcu.ie"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.dcu.ie"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 19:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 15:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/24 22:19:25 | 000,000,000 | ---D | M]

[2010/11/24 18:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Extensions
[2010/06/18 19:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/24 18:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe Bish\Application Data\Mozilla\Firefox\Profiles\xld9zehg.default\extensions
[2011/02/01 00:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/12 18:04:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/18 15:38:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/10 12:02:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/28 20:04:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/28 20:04:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/28 20:04:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/25 00:32:17 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/11/25 00:32:17 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/02/01 01:05:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} http://www.tvlution.com/KooPlayer.ocx (KooPlayer Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joe Bish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe Bish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 11:11:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/01 01:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/01 00:51:57 | 000,000,000 | ---D | C] -- C:\Combo-Fix16343C
[2011/01/31 15:10:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/31 15:05:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/31 15:05:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/31 15:05:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/31 15:05:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/31 15:05:38 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/01/31 15:03:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/28 22:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe Bish\Desktop\Scans
[2011/01/28 20:04:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/28 20:04:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/28 20:04:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/28 20:04:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/28 19:30:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/26 15:04:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe Bish\Desktop\OTL.scr
[2011/01/19 14:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Michael Jackson - Michael (2010)
[2011/01/19 13:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Rihanna - Loud CDRip -2010- [MJN]
[2011/01/19 13:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2006/11/25 14:06:44 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/11/25 14:06:44 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/11/25 14:06:44 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2006/11/25 14:06:44 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/11/25 14:06:44 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/11/25 14:06:44 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/11/25 14:06:44 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/11/25 14:06:44 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/11/25 14:06:44 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/11/25 14:06:44 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/11/25 14:06:44 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/02/01 11:35:03 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/02/01 11:14:11 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C59F053A-A0CF-4032-8437-BEE3507BB877}.job
[2011/02/01 11:10:55 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2314272217-1156916750-3517222459-1006.job
[2011/02/01 11:10:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/01 11:10:15 | 937,537,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/01 01:16:51 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Joe Bish\Desktop\esetsmartinstaller_enu.exe
[2011/02/01 01:07:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/01 01:05:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/31 15:10:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/31 15:02:35 | 004,262,903 | R--- | M] () -- C:\Documents and Settings\Joe Bish\Desktop\Combo-Fix.exe
[2011/01/28 20:38:19 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/28 20:04:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/28 20:04:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/28 20:04:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/28 20:04:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/28 20:04:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/27 21:19:53 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/01/27 21:19:50 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\6A5308F84B.sys
[2011/01/26 15:13:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/26 15:04:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe Bish\Desktop\OTL.scr
[2011/01/25 21:37:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joe Bish\defogger_reenable
[2011/01/19 16:03:10 | 000,014,690 | ---- | M] () -- C:\Documents and Settings\Joe Bish\My Documents\cc_20110119_160254.reg

========== Files Created - No Company Name ==========

[2011/02/01 01:15:56 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\esetsmartinstaller_enu.exe
[2011/01/31 15:10:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/31 15:10:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/31 15:05:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/31 15:05:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/31 15:05:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/31 15:05:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/31 15:05:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/31 15:00:55 | 004,262,903 | R--- | C] () -- C:\Documents and Settings\Joe Bish\Desktop\Combo-Fix.exe
[2011/01/28 20:38:19 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/25 21:37:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joe Bish\defogger_reenable
[2011/01/19 16:03:02 | 000,014,690 | ---- | C] () -- C:\Documents and Settings\Joe Bish\My Documents\cc_20110119_160254.reg
[2009/12/17 20:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/09/07 18:03:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2009/09/07 18:03:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2009/09/07 18:00:54 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/08/21 17:13:54 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/06/26 11:21:47 | 000,000,246 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/12 09:21:12 | 000,000,066 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2007/12/11 22:34:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 22:32:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/14 03:12:46 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/22 19:59:14 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/08 12:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/03/06 00:26:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/02/28 23:37:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/21 17:11:29 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/31 14:56:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/12/31 14:56:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/12/31 14:54:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2006/12/25 13:54:25 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 13:54:25 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\6A5308F84B.sys
[2006/12/25 10:09:02 | 000,005,772 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Application Data\wklnhst.dat
[2006/12/25 10:01:35 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Joe Bish\Local Settings\Application Data\fusioncache.dat
[2006/11/25 14:44:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/25 14:38:01 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/25 14:30:34 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/25 14:06:44 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/11/25 14:06:44 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/11/25 14:06:44 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/11/25 14:06:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/11/25 14:06:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/11/25 14:06:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/11/25 14:06:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/11/25 14:06:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/11/25 14:06:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/11/25 14:06:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/11/25 14:06:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/11/25 14:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/11/25 14:06:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/11/25 14:06:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/11/25 14:06:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/11/25 14:06:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/25 14:06:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/25 14:05:46 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

< End of report >


Extras.txt:
OTL Extras logfile created on: 01/02/2011 11:32:55 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Joe Bish\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 434.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.80 Gb Total Space | 25.45 Gb Free Space | 48.20% Space Free | Partition Type: NTFS

Computer Name: JOE | User Name: Joe Bish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Magnet Entertainment\Magnet PCTV\Magnet PCTV.exe" = C:\Program Files\Magnet Entertainment\Magnet PCTV\Magnet PCTV.exe:*:Enabled:Magnet PCTV -- (Magnet Entertainment)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3BBF72B-67F9-40A9-B7B5-8B53260B1CB2}" = Magnet PCTV
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"Football Manager 2009" = Football Manager 2009
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F3BBF72B-67F9-40A9-B7B5-8B53260B1CB2}" = Magnet PCTV
"Lexmark 3300 Series" = Lexmark 3300 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Veetle TV" = Veetle TV 0.9.14
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2011 21:17:41 | Computer Name = JOE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 31/01/2011 22:50:12 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/01/2011 22:50:21 | Computer Name = JOE | Source = Application Hang | ID = 1001
Description = Fault bucket 502380885.

Error - 31/01/2011 22:56:30 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/01/2011 22:56:37 | Computer Name = JOE | Source = Application Hang | ID = 1001
Description = Fault bucket 502380885.

Error - 01/02/2011 00:26:02 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/02/2011 00:26:21 | Computer Name = JOE | Source = Application Hang | ID = 1001
Description = Fault bucket 502380885.

Error - 01/02/2011 07:22:16 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/02/2011 07:22:22 | Computer Name = JOE | Source = Application Hang | ID = 1001
Description = Fault bucket 502380885.

Error - 01/02/2011 07:29:17 | Computer Name = JOE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 01/02/2011 00:34:53 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 00:37:26 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 01:00:34 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 01:01:32 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 01:02:02 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the w32time service.

Error - 01/02/2011 01:07:07 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 01:09:01 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 01/02/2011 01:12:05 | Computer Name = JOE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 01/02/2011 07:13:40 | Computer Name = JOE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 01/02/2011 07:13:40 | Computer Name = JOE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053


< End of report >

#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:57 AM

Posted 01 February 2011 - 07:09 AM

I don't have the XP installation disc. Can I still run the System File Checker?

Sometimes if a file is needed it'll be replaced from a cache folder.
So basically, yes you can still try and run SFC.
What model and how old is the system?

BBPP6nz.png


#15 Bish

Bish
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 01 February 2011 - 08:03 AM

I ran the sfc and it went through fine. There's an improvement with the USB ports, there is now power going to them, it charges my iPhone and the power light comes on on my usb stick but unfortunately the computer does not load them up so I can explore the drives.
The laptop is 4 years old, Its a Dell Inspiron 1501.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users