Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Qword search engine won't delete and Server not found


  • Please log in to reply

#1
VoxBox

VoxBox

    New Member

  • Member
  • Pip
  • 3 posts
I've pasted all of the reports from the 5 suggested steps on your website. Any help would be much appreciated.

Thank you



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4167

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/06/2010 12:44:08
mbam-log-2010-06-11 (12-44-08).txt

Scan type: Quick scan
Objects scanned: 116966
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-11 13:35:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Dan\LOCALS~1\Temp\kxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE349C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE349B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEE34A0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE34A014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE34970C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE349C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE34964C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE3496B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE349D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEE34A1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE349CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE349E70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEE356AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEE3568EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEE356A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54EE34A0
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP EE356A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP EE3568EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP EE352536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP EE353EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP EE356ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1220] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----








OTL logfile created on: 11/06/2010 14:06:14 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 609.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 155.97 Gb Free Space | 66.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANS-PC
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/11 13:37:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
PRC - [2010/05/06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 13:37:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/09/05 22:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/17 10:48:02 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2009/11/17 10:48:02 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2009/10/25 19:25:52 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/11/07 00:59:52 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)
DRV - [2008/11/07 00:59:42 | 000,530,560 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L6TPortA.sys -- (L6TPortA)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 22:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 12:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 16:11:47 | 000,000,000 | ---D | M]

[2010/06/02 12:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2010/06/11 11:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\fd8xuabc.default\extensions
[2010/06/04 11:59:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\fd8xuabc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/11 11:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 11:47:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [Workflow] E:\Workflow.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: qword.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 18:48:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/25 19:00:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi1 - C:\WINDOWS\System32\usbkt1x1.dll (Doug Fetter Software Wizardry)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/08 11:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Windows Search
[2010/06/05 11:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Tracing
[2010/06/05 11:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/06/05 11:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/05 11:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/05 11:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/05 11:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/05 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/05 11:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/05 11:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/04 14:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2010/06/03 18:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/03 18:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/03 18:17:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan\Desktop\erunt_setup.exe
[2010/06/03 18:09:42 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\TFC.exe
[2010/06/03 12:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/03 12:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/03 12:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/03 12:14:38 | 000,000,000 | ---D | C] -- C:\6602246ab05bcd683ce93ec01ef664
[2010/06/03 11:56:04 | 000,000,000 | ---D | C] -- C:\NBget
[2010/06/02 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\NBget
[2010/06/02 17:42:41 | 000,000,000 | ---D | C] -- C:\Versalsoft
[2010/06/02 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Versalsoft
[2010/06/02 17:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Universal
[2010/06/02 17:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010/06/02 17:08:37 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/02 17:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/02 13:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/06/02 12:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\WinRAR
[2010/06/02 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/02 12:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2010/06/02 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/28 11:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/28 11:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Identities
[2010/05/28 11:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Windows Desktop Search
[2010/05/28 11:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/28 11:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/25 12:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2010/05/25 12:17:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/25 12:17:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/20 22:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2010/05/20 22:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\.thumbnails
[2010/05/20 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\.gimp-2.6
[2010/05/20 22:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\gegl-0.0
[2010/05/20 22:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/05/20 22:39:14 | 018,234,256 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\gimp-2.6.8-i686-setup.exe
[2010/05/11 16:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/11 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/11 16:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\new CC bill_files
[2010/05/11 12:17:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/09 19:24:26 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/09 19:24:25 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/09 19:24:24 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/09 19:24:23 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/09 19:24:22 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/09 19:24:22 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/09 19:24:21 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/09 19:24:05 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/09 19:24:05 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/09 19:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/09 19:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/09 19:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/09 19:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/12 14:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/12 14:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Temp
[2010/04/12 14:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Google
[2010/03/30 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 20:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Facebook
[2010/03/18 20:42:07 | 002,114,184 | ---- | C] (Facebook, Inc.) -- C:\Install_Facebook_Plug-In_1.0.3.exe

========== Files - Modified Within 90 Days ==========

[2010/06/11 14:04:19 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2010/06/11 13:59:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 13:59:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 12:32:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2010/06/11 12:20:09 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:59:33 | 000,539,460 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 11:59:33 | 000,456,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 11:59:33 | 000,075,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 11:59:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 11:57:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 09:45:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/08 10:28:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/07 23:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/05 11:38:17 | 000,043,920 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/05 11:33:23 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Windows Live Messenger .lnk
[2010/06/04 14:30:39 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/06/03 18:18:01 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/06/03 18:18:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/06/03 18:17:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan\Desktop\erunt_setup.exe
[2010/06/03 18:09:44 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\TFC.exe
[2010/06/03 11:52:52 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pdfxls2.dll
[2010/06/02 17:42:55 | 000,000,049 | ---- | M] () -- C:\WINDOWS\drprofile.dat
[2010/06/02 12:19:27 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/28 11:16:38 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/28 10:56:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2010/05/25 12:17:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 22:46:42 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Dan\.recently-used.xbel
[2010/05/20 22:43:13 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/05/20 22:39:53 | 018,234,256 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\gimp-2.6.8-i686-setup.exe
[2010/05/11 16:30:17 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\new CC bill.htm
[2010/05/11 12:51:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 12:51:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/09 19:24:26 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/09 19:24:22 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/09 19:19:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\prvlcl.dat
[2010/05/06 21:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 20:03:05 | 005,738,481 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\E300_camera manual.pdf
[2010/05/04 18:09:27 | 000,831,553 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\20100504 180744.m4a
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 20:20:49 | 000,559,104 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\McCormack House Directions.pdf.doc
[2010/04/27 14:27:00 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Technical Operator - Sound.doc
[2010/04/16 09:10:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/18 20:42:08 | 002,114,184 | ---- | M] (Facebook, Inc.) -- C:\Install_Facebook_Plug-In_1.0.3.exe

========== Files Created - No Company Name ==========

[2010/06/05 11:33:23 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Windows Live Messenger .lnk
[2010/06/04 14:30:39 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/06/03 18:18:01 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/06/03 18:18:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/06/02 17:42:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\drprofile.dat
[2010/06/02 12:19:27 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/28 11:16:38 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/28 10:56:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2010/05/25 12:17:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 22:46:42 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Dan\.recently-used.xbel
[2010/05/20 22:43:13 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/05/11 16:49:22 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/11 16:30:16 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\new CC bill.htm
[2010/05/09 19:24:26 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 22:36:24 | 000,831,553 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\20100504 180744.m4a
[2010/05/04 20:03:04 | 005,738,481 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\E300_camera manual.pdf
[2010/04/27 20:20:49 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\McCormack House Directions.pdf.doc
[2010/04/20 13:35:20 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Internet Explorer.lnk
[2010/04/01 11:44:01 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Technical Operator - Sound.doc
[2009/11/27 15:28:31 | 000,000,369 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2009/11/03 21:12:15 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/03 21:12:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/03 18:49:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2009/11/03 18:49:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009/10/30 16:43:24 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/10/25 21:22:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/09 19:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/17 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/11/27 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2009/11/17 10:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/11/03 20:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/15 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/06/02 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/12 15:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/26 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/16 22:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Cakewalk
[2009/10/30 14:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Citrix
[2010/03/18 20:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Facebook
[2010/05/20 22:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2009/10/28 11:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\ICAClient
[2009/11/17 11:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Line 6
[2009/11/17 10:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Propellerhead Software
[2010/06/11 13:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Spotify
[2010/02/15 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Trusteer
[2010/05/28 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Windows Desktop Search
[2010/06/08 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/10/25 18:48:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/11 12:51:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/25 18:48:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/18 20:42:08 | 002,114,184 | ---- | M] (Facebook, Inc.) -- C:\Install_Facebook_Plug-In_1.0.3.exe
[2009/10/25 18:48:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/25 18:48:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/05 04:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/30 14:54:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/02/29 16:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2010/06/11 13:59:47 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/12/03 11:33:16 | 000,000,189 | ---- | M] () -- C:\Setup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/10/25 20:36:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/10/25 20:36:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/10/25 20:36:31 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< End of report >








OTL Extras logfile created on: 11/06/2010 13:41:04 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 461.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 155.99 Gb Free Space | 67.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANS-PC
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8006:TCP" = 8006:TCP:*:Enabled:BitComet 8006 TCP
"8006:UDP" = 8006:UDP:*:Enabled:BitComet 8006 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\WINDOWS\LMIB.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIB.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"E:\D-Link.exe" = E:\D-Link.exe:*:Enabled:Setup Wizard Template -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AC3Filter\ac3config.exe" = C:\Program Files\AC3Filter\ac3config.exe:*:Enabled:AC3Filter Config -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BitComet" = BitComet 1.15
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DreamStation DXi2" = DreamStation DXi2
"ERUNT_is1" = ERUNT 1.1j
"Excel to PDF Converter_is1" = Excel to PDF Converter 3.00
"FLAC" = FLAC 1.2.1b (remove only)
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"ie8" = Windows Internet Explorer 8
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"Sonar Producer Edition v4.0.3" = Sonar Producer Edition v4.0.3
"Spotify" = Spotify
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2010 07:16:20 | Computer Name = DANS-PC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....028F20EEE4.crt>
with error: The specified server cannot perform the requested operation.

Error - 02/06/2010 09:50:41 | Computer Name = DANS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\DAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 02/06/2010 11:53:04 | Computer Name = DANS-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 02/06/2010 11:53:06 | Computer Name = DANS-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 02/06/2010 12:46:20 | Computer Name = DANS-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02c35346.

Error - 02/06/2010 12:46:30 | Computer Name = DANS-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1161067261.

Error - 04/06/2010 09:39:46 | Computer Name = DANS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-583907252-2077806209-1801674531-1004}/PERSONAL
FOLDERS($65AFAB9E)/X/OUTBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 04/06/2010 09:39:46 | Computer Name = DANS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-583907252-2077806209-1801674531-1004}/PERSONAL
FOLDERS($65AFAB9E)/X/OUTBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 07/06/2010 06:33:45 | Computer Name = DANS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-583907252-2077806209-1801674531-1004}/PERSONAL
FOLDERS($65AFAB9E)/X/OUTBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 07/06/2010 06:33:45 | Computer Name = DANS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-583907252-2077806209-1801674531-1004}/PERSONAL
FOLDERS($65AFAB9E)/X/OUTBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

[ System Events ]
Error - 05/06/2010 08:08:35 | Computer Name = DANS-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 05/06/2010 08:23:35 | Computer Name = DANS-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 05/06/2010 08:23:35 | Computer Name = DANS-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/06/2010 06:23:23 | Computer Name = DANS-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 77.99.186.175 for the Network Card with network
address 0013721229A9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/06/2010 06:23:45 | Computer Name = DANS-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0013721229A9.

Error - 11/06/2010 07:32:01 | Computer Name = DANS-PC | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/06/2010 07:32:02 | Computer Name = DANS-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/06/2010 07:32:02 | Computer Name = DANS-PC | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/06/2010 07:32:02 | Computer Name = DANS-PC | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 11/06/2010 07:32:02 | Computer Name = DANS-PC | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,178 posts
  • MVP
From what I've read on the thing it comes from versalsoft and you have two of their folders:

C:\Versalsoft
C:\Program Files\Versalsoft

Some people claim there is an uninstall file in the versalsoft folder but I'm not sure we should trust it. I think we will let OTL delete the folders then run Combofix. If it is still run we will search the registry with RegSeeker.


Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************************

:OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Workflow] E:\Workflow.exe File not found

:Files
C:\Versalsoft
C:\Program Files\Versalsoft

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Get RegSeeker.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then Close all browsers and run regseeker.exe.

Select Find in Registry, check all of the HKEY boxes then have it look for qword. You can then select all and then right click and delete selected. It puts a copy of the stuff it removes in the backups folder which it creates below the folder it is in so if it doesn't work you can go back and replace it. Repeat for versalsoft. Reboot when done.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.

Ron

Edited by RKinner, 11 June 2010 - 09:24 AM.

  • 0

#3
VoxBox

VoxBox

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
These are the log reports from the otl scan and and combofix. Qword seems to have disappeared though.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Workflow deleted successfully.
========== FILES ==========
C:\Versalsoft\DownloadCache folder moved successfully.
C:\Versalsoft folder moved successfully.
C:\Program Files\Versalsoft\InternetDownload\skins\default folder moved successfully.
C:\Program Files\Versalsoft\InternetDownload\skins folder moved successfully.
C:\Program Files\Versalsoft\InternetDownload\lang folder moved successfully.
C:\Program Files\Versalsoft\InternetDownload\image folder moved successfully.
C:\Program Files\Versalsoft\InternetDownload folder moved successfully.
C:\Program Files\Versalsoft folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dan
->Temp folder emptied: 589237 bytes
->Temporary Internet Files folder emptied: 348944 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77381263 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1495 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16238269 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06142010_103018

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




OTL logfile created on: 14/06/2010 10:34:42 - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 522.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 155.96 Gb Free Space | 66.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANS-PC
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/11 13:37:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2010/05/06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/16 08:06:26 | 000,019,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/03 16:32:48 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 13:37:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/09/05 22:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/17 10:48:02 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2009/11/17 10:48:02 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2009/10/25 19:25:52 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/11/07 00:59:52 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)
DRV - [2008/11/07 00:59:42 | 000,530,560 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L6TPortA.sys -- (L6TPortA)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 22:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 12:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 16:11:47 | 000,000,000 | ---D | M]

[2010/06/02 12:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2010/06/14 10:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\fd8xuabc.default\extensions
[2010/06/04 11:59:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\fd8xuabc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/14 10:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 11:47:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/14 10:30:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: qword.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 18:48:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/14 10:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/11 13:37:31 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/06/08 11:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Windows Search
[2010/06/05 11:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Tracing
[2010/06/05 11:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/06/05 11:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/05 11:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/05 11:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/05 11:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/05 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/05 11:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/05 11:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/04 14:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2010/06/03 18:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/03 18:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/03 18:17:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan\Desktop\erunt_setup.exe
[2010/06/03 18:09:42 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\TFC.exe
[2010/06/03 12:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/03 12:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/03 12:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/03 12:14:38 | 000,000,000 | ---D | C] -- C:\6602246ab05bcd683ce93ec01ef664
[2010/06/03 11:56:04 | 000,000,000 | ---D | C] -- C:\NBget
[2010/06/02 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\NBget
[2010/06/02 17:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Universal
[2010/06/02 17:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010/06/02 17:08:37 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/02 17:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/02 13:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/06/02 12:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\WinRAR
[2010/06/02 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/02 12:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2010/06/02 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/28 11:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/28 11:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Identities
[2010/05/28 11:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Windows Desktop Search
[2010/05/28 11:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/28 11:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/25 12:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2010/05/25 12:17:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/25 12:17:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/20 22:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2010/05/20 22:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\.thumbnails
[2010/05/20 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\.gimp-2.6
[2010/05/20 22:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\gegl-0.0
[2010/05/20 22:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/05/20 22:39:14 | 018,234,256 | ---- | C] ( ) -- C:\Documents and Settings\Dan\Desktop\gimp-2.6.8-i686-setup.exe
[2010/05/11 16:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/11 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/11 16:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\new CC bill_files
[2010/05/11 12:17:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/09 19:24:26 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/09 19:24:25 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/09 19:24:24 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/09 19:24:23 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/09 19:24:22 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/09 19:24:22 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/09 19:24:21 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/09 19:24:05 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/09 19:24:05 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/09 19:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/09 19:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/09 19:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/09 19:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/12 14:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/12 14:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Temp
[2010/04/12 14:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Google
[2010/03/30 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 20:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Facebook
[2010/03/18 20:42:07 | 002,114,184 | ---- | C] (Facebook, Inc.) -- C:\Install_Facebook_Plug-In_1.0.3.exe

========== Files - Modified Within 90 Days ==========

[2010/06/14 10:31:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/14 10:31:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 10:30:46 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2010/06/14 10:30:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2010/06/14 10:30:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/14 09:42:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 13:37:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/06/11 12:20:09 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 11:59:33 | 000,539,460 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 11:59:33 | 000,456,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 11:59:33 | 000,075,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 11:59:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 11:57:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 10:28:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/07 23:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/05 11:38:17 | 000,043,920 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/05 11:33:23 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Windows Live Messenger .lnk
[2010/06/04 14:30:39 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/06/03 18:18:01 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/06/03 18:18:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/06/03 18:17:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan\Desktop\erunt_setup.exe
[2010/06/03 18:09:44 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\TFC.exe
[2010/06/03 11:52:52 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pdfxls2.dll
[2010/06/02 17:42:55 | 000,000,049 | ---- | M] () -- C:\WINDOWS\drprofile.dat
[2010/06/02 12:19:27 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/28 11:16:38 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/28 10:56:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2010/05/25 12:17:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 22:46:42 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Dan\.recently-used.xbel
[2010/05/20 22:43:13 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/05/20 22:39:53 | 018,234,256 | ---- | M] ( ) -- C:\Documents and Settings\Dan\Desktop\gimp-2.6.8-i686-setup.exe
[2010/05/11 16:30:17 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\new CC bill.htm
[2010/05/11 12:51:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 12:51:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/09 19:24:26 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/09 19:24:22 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/09 19:19:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\prvlcl.dat
[2010/05/06 21:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 20:03:05 | 005,738,481 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\E300_camera manual.pdf
[2010/05/04 18:09:27 | 000,831,553 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\20100504 180744.m4a
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 20:20:49 | 000,559,104 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\McCormack House Directions.pdf.doc
[2010/04/27 14:27:00 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Technical Operator - Sound.doc
[2010/04/16 09:10:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/18 20:42:08 | 002,114,184 | ---- | M] (Facebook, Inc.) -- C:\Install_Facebook_Plug-In_1.0.3.exe

========== Files Created - No Company Name ==========

[2010/06/05 11:33:23 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Windows Live Messenger .lnk
[2010/06/04 14:30:39 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2010/06/03 18:18:01 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/06/03 18:18:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/06/02 17:42:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\drprofile.dat
[2010/06/02 12:19:27 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/28 11:16:38 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/28 10:56:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2010/05/25 12:17:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 22:46:42 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Dan\.recently-used.xbel
[2010/05/20 22:43:13 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/05/11 16:49:22 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/11 16:30:16 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\new CC bill.htm
[2010/05/09 19:24:26 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 22:36:24 | 000,831,553 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\20100504 180744.m4a
[2010/05/04 20:03:04 | 005,738,481 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\E300_camera manual.pdf
[2010/04/27 20:20:49 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\McCormack House Directions.pdf.doc
[2010/04/20 13:35:20 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Internet Explorer.lnk
[2010/04/01 11:44:01 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Technical Operator - Sound.doc
[2009/11/27 15:28:31 | 000,000,369 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2009/11/03 21:12:15 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/03 21:12:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/03 18:49:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2009/11/03 18:49:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009/10/30 16:43:24 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/10/25 21:22:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/09 19:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/17 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/11/27 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2009/11/17 10:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/11/03 20:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/15 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/06/02 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/12 15:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/26 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/16 22:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Cakewalk
[2009/10/30 14:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Citrix
[2010/03/18 20:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Facebook
[2010/05/20 22:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2009/10/28 11:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\ICAClient
[2009/11/17 11:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Line 6
[2009/11/17 10:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Propellerhead Software
[2010/06/11 14:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Spotify
[2010/02/15 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Trusteer
[2010/05/28 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Windows Desktop Search
[2010/06/08 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Windows Search

========== Purity Check ==========


< End of report >



This is the ComboFix log:


ComboFix 10-06-13.04 - Dan 14/06/2010 10:50:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.476 [GMT 1:00]
Running from: c:\documents and settings\Dan\Desktop\george.exe.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 09:30 . 2010-06-14 09:30 -------- d-----w- C:\_OTL
2010-06-11 10:27 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 10:31 . 2010-06-08 10:31 -------- d-----w- c:\documents and settings\Dan\Application Data\Windows Search
2010-06-05 10:38 . 2010-06-14 09:33 -------- d-----w- c:\documents and settings\Dan\Tracing
2010-06-05 10:37 . 2010-06-05 10:37 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-06-05 10:36 . 2010-04-28 06:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-06-05 10:35 . 2010-06-05 10:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-05 10:35 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-05 10:34 . 2010-06-05 10:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-05 10:33 . 2010-06-05 10:33 -------- d-----w- c:\program files\Microsoft
2010-06-05 10:32 . 2010-06-05 10:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-05 10:32 . 2010-06-05 10:36 -------- d-----w- c:\program files\Windows Live
2010-06-05 10:30 . 2010-06-05 10:30 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-04 13:30 . 2010-06-04 13:30 -------- d-----w- c:\program files\FLAC
2010-06-03 17:18 . 2010-06-03 17:18 -------- d-----w- c:\program files\ERUNT
2010-06-03 11:15 . 2010-06-03 11:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-03 11:15 . 2010-06-03 11:15 -------- d-----w- c:\program files\MSBuild
2010-06-03 11:15 . 2010-06-03 11:15 -------- d-----w- c:\program files\Reference Assemblies
2010-06-03 11:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-03 11:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-03 11:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-03 11:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-03 11:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-03 11:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-03 11:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-03 11:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-03 11:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-03 11:14 . 2010-06-03 11:14 -------- d-----w- C:\6602246ab05bcd683ce93ec01ef664
2010-06-03 10:56 . 2010-06-03 10:56 -------- d-----w- C:\NBget
2010-06-02 16:42 . 2010-06-02 16:42 -------- d-----w- c:\program files\NBget
2010-06-02 16:42 . 2010-06-02 16:42 49 ----a-w- c:\windows\drprofile.dat
2010-06-02 16:42 . 2010-06-02 16:42 -------- d-----w- c:\program files\Universal
2010-06-02 16:09 . 2010-06-02 16:09 -------- d-----w- c:\program files\Smith Micro
2010-06-02 12:17 . 2010-06-02 16:17 -------- d-----w- c:\program files\MagicISO
2010-06-02 11:28 . 2010-06-02 11:28 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-28 10:17 . 2010-05-28 10:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-28 10:17 . 2010-05-28 10:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-05-28 10:16 . 2010-05-28 10:16 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Identities
2010-05-28 10:16 . 2010-05-28 10:16 -------- d-----w- c:\documents and settings\Dan\Application Data\Windows Desktop Search
2010-05-28 10:16 . 2010-05-28 10:19 -------- d-----w- c:\program files\Windows Desktop Search
2010-05-28 10:16 . 2010-05-28 10:16 -------- d-----w- c:\windows\system32\GroupPolicy
2010-05-28 10:15 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-05-28 10:15 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-05-28 10:15 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-05-25 11:17 . 2010-05-25 11:17 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-05-25 11:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 11:17 . 2010-05-25 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 11:17 . 2010-05-25 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-25 11:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 16:28 . 2010-05-24 16:28 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3387e9f1-n\decora-sse.dll
2010-05-24 16:28 . 2010-05-24 16:28 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-138986da-n\msvcp71.dll
2010-05-24 16:28 . 2010-05-24 16:28 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-138986da-n\jmc.dll
2010-05-24 16:28 . 2010-05-24 16:28 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-138986da-n\msvcr71.dll
2010-05-24 16:28 . 2010-05-24 16:28 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3387e9f1-n\decora-d3d.dll
2010-05-20 21:46 . 2010-05-20 21:46 -------- d-----w- c:\documents and settings\Dan\Application Data\gtk-2.0
2010-05-20 21:46 . 2010-05-20 21:46 -------- d-----w- c:\documents and settings\Dan\.thumbnails
2010-05-20 21:43 . 2010-06-03 19:30 -------- d-----w- c:\documents and settings\Dan\.gimp-2.6
2010-05-20 21:42 . 2010-05-20 21:42 -------- d-----w- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 09:31 . 2009-10-30 18:02 117648 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-06-11 13:58 . 2010-01-19 16:48 -------- d-----w- c:\documents and settings\Dan\Application Data\Spotify
2010-06-05 10:38 . 2009-10-25 21:00 43920 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 10:36 . 2009-11-03 18:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 10:52 . 2009-11-06 10:54 1024 ----a-w- c:\documents and settings\All Users\Application Data\pdfxls2.dll
2010-06-03 10:52 . 2009-11-06 10:54 1024 ----a-w- c:\documents and settings\All Users\Application Data\pdfxls2.dll
2010-06-02 15:11 . 2009-10-26 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-02 11:10 . 2009-11-09 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-05-29 15:55 . 2009-11-03 20:04 -------- d-----w- c:\program files\BitComet
2010-05-11 15:49 . 2010-05-11 15:48 -------- d-----w- c:\program files\iTunes
2010-05-11 15:48 . 2010-05-11 15:48 -------- d-----w- c:\program files\iPod
2010-05-11 15:48 . 2009-10-26 17:24 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 15:41 . 2010-05-11 15:41 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-10 17:30 . 2010-05-10 17:30 655360 ----a-w- c:\documents and settings\Dan\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-10 17:30 . 2010-05-10 17:30 282624 ----a-w- c:\documents and settings\Dan\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-10 17:30 . 2010-05-10 17:30 208896 ----a-w- c:\documents and settings\Dan\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-09 18:24 . 2010-05-09 18:24 -------- d-----w- c:\program files\Alwil Software
2010-05-09 18:24 . 2010-05-09 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-09 18:19 . 2009-12-11 17:07 0 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\prvlcl.dat
2010-05-06 20:59 . 2010-05-09 18:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-05-09 18:24 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-05-09 18:24 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-05-09 18:24 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-05-09 18:24 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-05-09 18:24 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-05-09 18:24 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-05-09 18:24 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-05-09 18:24 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 23:04 . 2010-04-16 23:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 21:12 . 2010-04-16 21:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 10:47 . 2009-11-01 21:16 -------- d-----w- c:\program files\Java
2010-04-12 16:29 . 2010-04-16 10:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-30 17:32 . 2010-03-30 17:32 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30486e29-n\decora-sse.dll
2010-03-30 17:32 . 2010-03-30 17:32 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67083a2c-n\msvcp71.dll
2010-03-30 17:32 . 2010-03-30 17:32 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67083a2c-n\jmc.dll
2010-03-30 17:32 . 2010-03-30 17:32 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67083a2c-n\msvcr71.dll
2010-03-30 17:32 . 2010-03-30 17:32 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30486e29-n\decora-d3d.dll
2010-03-18 19:53 . 2010-03-18 19:53 50354 ----a-w- c:\documents and settings\Dan\Application Data\Facebook\uninstall.exe
2010-03-18 19:42 . 2010-03-18 19:42 2114184 ----a-w- C:\Install_Facebook_Plug-In_1.0.3.exe
2008-08-16 17:42 . 2008-08-16 17:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42 . 2008-08-16 17:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42 . 2008-08-16 17:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 17:42 . 2008-08-16 17:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43 . 2008-08-16 17:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42 . 2008-08-16 17:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42 . 2008-08-16 17:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 08:41 . 2008-05-21 08:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41 . 2008-05-21 08:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41 . 2008-05-21 08:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 13:58 . 2008-06-05 13:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42 . 2008-08-16 17:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8006:TCP"= 8006:TCP:BitComet 8006 TCP
"8006:UDP"= 8006:UDP:BitComet 8006 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/05/2010 19:24 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/05/2010 19:24 19024]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [28/09/2005 19:38 29312]
R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [28/09/2005 19:36 530560]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\RapportBuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [17/11/2009 10:48 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [17/11/2009 10:48 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: line6.net
Trusted Zone: qword.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fd8xuabc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\Dan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Sonar Producer Edition v4.0.3 - c:\progra~1\Cakewalk\SONAR4~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 10:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-14 10:56:06
ComboFix-quarantined-files.txt 2010-06-14 09:55

Pre-Run: 167,362,879,488 bytes free
Post-Run: 167,321,083,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A94077015687D5D57965544D62D2A6AA


Thanks

Edited by VoxBox, 14 June 2010 - 04:22 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,178 posts
  • MVP
I did miss one when we ran OTL but you can fix it in IE. Open IE, Tools, Internet Options, Security, Trusted Sites, Sites. Click on

qword.com

and REMOVE, OK.

If there are no other problems then I guess we are done.

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html


We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

Make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP