[Elliexer]

Hello, just noticed today that my anti-virus software I was using (Microsoft Security Essentials) wasn't in gear, the protection was turned off for some reason.
I clicked to turn protection back on and did a quick scan, though nothing was found, then did two full scans but the system kept crashing at a certain point.

I then decided to try another program so uninstalled MSE and downloaded AVG but it would not install properly.
The same happened with Avast too. That's pretty much it, so now I have no anti-virus software installed. Any help is appreciated, thank you.

[Advertisements]

Hi lets have a look

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan all users
• Under the Custom Scan box paste this in
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Essexboy]

Hi lets have a look

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan all users
• Under the Custom Scan box paste this in
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Elliexer]

Hey thanks for the reply, here are the reports.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 23:46:47
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ellen\LOCALS~1\Temp\pxtdapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Ellen\Desktop\gmer.exe[2408] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Documents and Settings\Ellen\Desktop\gmer.exe[2408] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2288] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe[2288] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2228] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2228] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[988] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[988] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1584] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1584] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1644] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1644] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe[2020] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe[2020] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\iPod\bin\iPodService.exe[3792] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\iTunes\iTunesHelper.exe[1368] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\iTunes\iTunesHelper.exe[1368] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1684] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1684] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe[2256] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe[2256] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2448] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2448] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2428] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2428] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[2492] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Skype\Phone\Skype.exe[2108] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Skype\Phone\Skype.exe[2108] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2072] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2072] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3072] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3072] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1928] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1928] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\Explorer.EXE[1916] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\RTHDCPL.EXE[1208] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\RTHDCPL.EXE[1208] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\System32\alg.exe[636] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\System32\alg.exe[636] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\csrss.exe[648] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\ctfmon.exe[1844] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\ctfmon.exe[1844] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF69D5360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\lsass.exe[740] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\nvsvc32.exe[1764] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\nvsvc32.exe[1764] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\RUNDLL32.EXE[784] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\RUNDLL32.EXE[784] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\savedump.exe[732] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\savedump.exe[732] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\spoolsv.exe[1444] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\spoolsv.exe[1444] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\System32\svchost.exe[1040] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[1080] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[1188] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[1312] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[1524] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[1868] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[1868] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[888] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\svchost.exe[948] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3508] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3508] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\winlogon.exe[672] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\system32\wuauclt.exe[188] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]
.text C:\WINDOWS\system32\wuauclt.exe[188] SHLWAPI.dll!AssocCreate + 13B 77F69FB4 1 Byte [C4]
.text C:\WINDOWS\vsnpstd3.exe[1340] ADVAPI32.dll!GetSidIdentifierAuthority + 1D79 77DE0FB4 1 Byte [06]

---- Kernel code sections - GMER 1.0.15 ----

.text win32k.sys!EngDeleteClip + 50B8 BF97CFB4 1 Byte [A4]

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 06/07/2010 23:52:22 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\Documents and Settings\Ellen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.34 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 21.55 Gb Free Space | 28.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC1
Current User Name: Ellen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 23:51:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Ellen\My Documents\Downloads\OTL (1).exe
PRC - [2010/07/06 13:30:19 | 000,249,856 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe
PRC - [2010/06/29 03:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/16 04:27:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/06 15:29:50 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/28 19:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 13:22:26 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 23:51:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Ellen\My Documents\Downloads\OTL (1).exe
MOD - [2010/06/06 15:31:26 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/06/06 15:29:54 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2010/06/06 15:29:53 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/26 19:35:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 01:57:17 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/09/18 00:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/08/10 03:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007/05/02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007/05/02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007/05/02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/08/01 20:07:00 | 004,356,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/11 22:38:00 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/11 22:38:00 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2.119
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_UK&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/14 01:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/06 15:31:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 07:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 07:03:51 | 000,000,000 | ---D | M]

[2010/01/18 18:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Extensions
[2010/06/29 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions
[2010/01/19 05:26:40 | 000,000,000 | ---D | M] (iFox Metal) -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\{08c834b4-e025-44a3-9b95-e9885adc4be0}
[2010/01/19 05:27:20 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2010/02/20 13:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/19 05:27:48 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010/04/03 21:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]
[2010/04/29 02:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]
[2010/04/03 21:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]
[2010/04/03 21:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]
[2010/06/29 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\searchplugins\askcom.xml
[2010/07/05 15:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/22 23:17:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/30 07:03:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/30 07:03:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/30 07:03:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/30 07:03:46 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar) - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4C21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004..\Run: [LG PC Suite III] C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe (LG Electronics Inc.)
O4 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Ellen\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Felix\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Lesley\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-2077806209-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263655557279 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/16 15:26:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45868640-442f-11df-adf4-00138fd39cd2}\Shell - "" = AutoRun
O33 - MountPoints2\{45868640-442f-11df-adf4-00138fd39cd2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45868640-442f-11df-adf4-00138fd39cd2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{b946e266-02bf-11df-ac0c-00064f018fad}\Shell - "" = AutoRun
O33 - MountPoints2\{b946e266-02bf-11df-ac0c-00064f018fad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b946e266-02bf-11df-ac0c-00064f018fad}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b946e267-02bf-11df-ac0c-00064f018fad}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 13:23:39 | 000,000,000 | ---D | C] -- C:\Temp
[2010/07/06 13:22:58 | 000,258,048 | ---- | C] (LG Electronics Inc.) -- C:\Documents and Settings\Ellen\esn.dll
[2010/07/06 13:22:58 | 000,180,224 | ---- | C] (LG Electronics) -- C:\Documents and Settings\Ellen\AuthDll.dll
[2010/07/06 13:22:58 | 000,090,112 | ---- | C] (LG Electronics) -- C:\Documents and Settings\Ellen\LGMobileDL.dll
[2010/07/05 23:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\Malwarebytes
[2010/07/05 23:49:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 23:49:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 23:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 23:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/05 23:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/05 23:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/05 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/05 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/05 22:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Local Settings\Application Data\PCHealth
[2010/07/05 19:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Backup
[2010/06/20 01:27:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\GAMEBOY GAMES
[2010/06/20 01:23:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\GAMEBOY
[2010/06/12 01:16:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\Stuff For Helen
[2010/06/12 01:15:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\New Folder
[2010/06/12 00:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/09 03:09:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\Smart PC Recorder Records
[2010/06/09 03:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\freebird
[2010/06/06 15:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/06 15:29:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/06 15:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/06 15:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/06 15:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/06/06 15:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\Real
[2010/06/06 15:27:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\FemmlayoutJune
[2010/05/27 01:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\Facebook
[2010/05/26 15:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\EPSON
[2010/05/25 23:43:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\LG Electronics
[2010/05/25 23:38:04 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/05/25 23:38:04 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/05/25 23:38:04 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/05/25 23:37:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ellen\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/05/25 23:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\LG Electronics
[2010/05/25 23:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LG Electronics
[2010/05/08 12:07:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\Awesome [bleep]ing poetry
[2010/05/04 22:13:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\Beatific Summer Layout
[2010/04/26 00:18:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ellen\My Documents\French thing
[2010/04/14 05:17:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/11 01:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\LGInternetKit
[2010/04/11 01:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2007/03/12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 13:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/07/06 23:47:55 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/06 23:47:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/06 23:47:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
[2010/07/06 23:47:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
[2010/07/06 23:47:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
[2010/07/06 23:47:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 23:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 23:36:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2077806209-1801674531-1004UA.job
[2010/07/06 23:32:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 23:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/06 22:36:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
[2010/07/06 18:37:11 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Ellen\NTUSER.DAT
[2010/07/06 15:36:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2077806209-1801674531-1004Core.job
[2010/07/06 15:11:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
[2010/07/06 13:26:04 | 000,010,948 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\Drawing Panel_0.png
[2010/07/06 13:25:58 | 000,003,174 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\A26-06-10_01.35.amr
[2010/07/06 13:25:52 | 000,243,174 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\A19-06-10_18.43.amr
[2010/07/06 13:25:41 | 000,045,465 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\27694_1435204327516_1455192757_1380389_8329278_n.jpg
[2010/07/06 13:24:55 | 000,041,382 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\A05-07-10_21.51.amr
[2010/07/06 13:24:01 | 000,721,205 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\P250510_17.07.jpg
[2010/07/06 13:23:43 | 000,334,926 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\P260610_04.19.jpg
[2010/07/06 09:52:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
[2010/07/05 23:49:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 23:41:04 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\NTREGOPT.lnk
[2010/07/05 23:41:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\ERUNT.lnk
[2010/07/05 23:37:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ellen\ntuser.ini
[2010/07/05 12:37:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/05 12:37:11 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Google Chrome.lnk
[2010/07/04 23:29:02 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/02 03:51:39 | 005,364,170 | -H-- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\IconCache.db
[2010/06/30 05:23:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 12:11:17 | 000,015,677 | ---- | M] () -- D:\Documents and Settings\Ellen\My Documents\CurricV.odt
[2010/06/23 08:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/19 17:58:13 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Install.job
[2010/06/19 16:14:33 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Install.lnk
[2010/06/10 06:11:13 | 001,536,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 05:37:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 03:09:28 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Smart PC Recorder.lnk
[2010/06/06 15:31:27 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/06/06 15:29:53 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/05/27 23:26:55 | 000,028,772 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/25 23:39:50 | 000,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/25 23:39:50 | 000,381,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/25 23:39:50 | 000,053,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/25 23:38:21 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\LG PC Suite III.lnk
[2010/05/19 13:01:00 | 000,038,792 | ---- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/10 03:17:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/05/05 23:21:02 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 12:49:30 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESC79_D78 User's Guide.lnk
[2010/04/10 00:27:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2010/07/06 22:37:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\gmer.exe
[2010/07/06 13:26:04 | 000,010,948 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\Drawing Panel_0.png
[2010/07/06 13:25:57 | 000,003,174 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\A26-06-10_01.35.amr
[2010/07/06 13:25:48 | 000,243,174 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\A19-06-10_18.43.amr
[2010/07/06 13:25:40 | 000,045,465 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\27694_1435204327516_1455192757_1380389_8329278_n.jpg
[2010/07/06 13:24:54 | 000,041,382 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\A05-07-10_21.51.amr
[2010/07/06 13:23:52 | 000,721,205 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\P250510_17.07.jpg
[2010/07/06 13:23:39 | 000,334,926 | ---- | C] () -- D:\Documents and Settings\Ellen\My Documents\P260610_04.19.jpg
[2010/07/06 13:22:58 | 000,221,291 | ---- | C] () -- C:\Documents and Settings\Ellen\Imei_dll.dll
[2010/07/06 13:22:58 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Ellen\Sublock.dll
[2010/07/05 23:49:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 23:41:04 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\NTREGOPT.lnk
[2010/07/05 23:41:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\ERUNT.lnk
[2010/06/27 02:52:17 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
[2010/06/19 16:14:35 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\Install.job
[2010/06/19 16:14:30 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Install.lnk
[2010/06/09 03:09:28 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Smart PC Recorder.lnk
[2010/06/08 09:44:26 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
[2010/06/08 09:44:26 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
[2010/06/06 18:36:17 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
[2010/06/06 18:36:17 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
[2010/06/06 15:31:28 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
[2010/06/06 15:31:27 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/25 23:38:20 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\LG PC Suite III.lnk
[2010/05/08 11:13:05 | 000,003,788 | ---- | C] () -- C:\Documents and Settings\Ellen\_GEAREXT.WO_IDENT.TXT
[2010/02/10 02:54:16 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/10 02:54:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/07 15:46:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/07 15:45:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE D78DEFGIPS.ini
[2010/01/26 23:49:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/01/16 20:51:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/09/18 00:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/18 00:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/18 00:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/18 00:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/02/27 17:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini

========== LOP Check ==========

[2010/07/05 23:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/22 19:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/02/07 15:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/31 16:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/19 22:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/02 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\BitTorrent
[2010/05/26 15:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\EPSON
[2010/05/27 01:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Facebook
[2010/05/25 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\LG Electronics
[2010/01/23 02:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\OpenOffice.org
[2010/01/27 00:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Samsung
[2010/06/12 01:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Spotify
[2010/05/25 23:37:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Ellen\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/01/18 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Felix\Application Data\OpenOffice.org
[2010/02/11 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lesley\Application Data\EPSON
[2010/01/25 13:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lesley\Application Data\OpenOffice.org
[2010/06/19 17:58:13 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
[2010/07/06 23:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/16 15:26:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/16 15:20:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/16 15:26:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/16 15:26:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/16 15:26:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/06 23:47:45 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/01/16 15:02:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/16 15:02:09 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/16 15:02:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-10 04:38:03
< End of report >




OTL Extras logfile created on: 06/07/2010 23:52:22 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\Documents and Settings\Ellen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.34 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 21.55 Gb Free Space | 28.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC1
Current User Name: Ellen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1220945662-2077806209-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Ellen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4D777040-B426-44F8-8AA5-4EA26C38ECAE}" = Club Bing Toolbar Helper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A35B36EA-39FE-4AA8-8119-D66B060C9E72}" = Club Bing Toolbar
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"BitTorrent" = BitTorrent
"ClubBingToolbar" = Club Bing Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESC79_D78 User's Guide" = ESC79_D78 User's Guide
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SmartPCRecorder" = Smart PC Recorder - by freebird
"Spotify" = Spotify
"Veoh Web Player Beta" = Veoh Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-2077806209-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/07/2010 13:32:03 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.183.9, faulting
module goopdate.dll, version 1.2.183.29, fault address 0x0001f7a5.

Error - 06/07/2010 13:36:43 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 1.0.2.110, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0000437f.

Error - 06/07/2010 17:30:30 | Computer Name = PC1 | Source = Google Update | ID = 1
Description =

Error - 06/07/2010 17:30:34 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 06/07/2010 17:33:01 | Computer Name = PC1 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 06/07/2010 17:33:10 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.183.21, faulting
module goopdate.dll, version 1.2.183.23, fault address 0x00060a0f.

Error - 06/07/2010 17:33:18 | Computer Name = PC1 | Source = Application Error | ID = 1001
Description = Fault bucket 07918338.

Error - 06/07/2010 17:33:42 | Computer Name = PC1 | Source = Application Error | ID = 1001
Description = Fault bucket 1779093736.

Error - 06/07/2010 17:36:00 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.183.21, faulting
module goopdate.dll, version 1.2.183.23, fault address 0x00060a0f.

Error - 06/07/2010 17:36:02 | Computer Name = PC1 | Source = Application Error | ID = 1001
Description = Fault bucket 1779093736.

[ System Events ]
Error - 05/07/2010 08:42:56 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 000000ee, parameter3
b9661b30, parameter4 00000000.

Error - 05/07/2010 15:13:10 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 00000050, parameter1 ffffffef, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 05/07/2010 17:39:07 | Computer Name = PC1 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 05/07/2010 17:42:08 | Computer Name = PC1 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 05/07/2010 18:29:23 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f0a03d7c, parameter2 00000000, parameter3
80503696, parameter4 00000000.

Error - 05/07/2010 18:43:02 | Computer Name = PC1 | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 05/07/2010 22:23:09 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf0cefd7, parameter3
ba1c65a8, parameter4 00000000.

Error - 06/07/2010 17:33:20 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e287e000, parameter2 00000001, parameter3
bffb3d63, parameter4 00000001.

Error - 06/07/2010 17:43:17 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8575b4a8, parameter3
8575b61c, parameter4 805c8c7c.

Error - 06/07/2010 18:48:11 | Computer Name = PC1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 846a1020, parameter3
846a1194, parameter4 805c8c7c.


< End of report >

[Essexboy]

I can see nothing apparent in thoise logs so lets look deeper

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[Elliexer]

Hello, thanks for the reply. I downloaded Combo Fix and it is telling me to disable any antivirus programs, there are none installed on here as far as I am aware so I continued, and it said

'Warning! antivirus: Microsoft Security Essentials - the above real time scanner is still active but ComboFix shall continue to run.
Kindly note that this is at your own risk.'

Microsoft Security Essentials is not installed on this computer so I don't know why it's saying that?
I'm doing a general computer search for it but so far nothing related has come up. So shall I continue with ComboFix anyway or do something else?

Thanks in advance.

[Essexboy]

Yes continue with Combofix and ignore the warning

[Elliexer]

Hey thanks.
Here is the log.


ComboFix 10-07-06.05 - Ellen 07/07/2010 23:24:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.391 [GMT 1:00]
Running from: c:\documents and settings\Ellen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ellen\Sublock.dll
c:\windows\system32\ReadMe.txt

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-05 22:41 . 2010-07-05 22:41 -------- d-----w- c:\program files\ERUNT
2010-07-05 22:14 . 2010-07-05 22:14 -------- d-----w- c:\program files\Alwil Software
2010-07-05 22:14 . 2010-07-05 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-05 21:45 . 2010-07-05 21:45 -------- d-----w- c:\documents and settings\Ellen\Local Settings\Application Data\PCHealth
2010-07-05 18:27 . 2010-07-05 18:27 -------- d-----w- c:\windows\system32\Backup
2010-06-29 10:30 . 2010-06-29 10:30 2944904 ----a-w- c:\documents and settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-06-11 23:02 . 2010-06-12 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-10 05:12 . 2010-06-10 05:13 -------- d-----w- c:\documents and settings\Felix\Local Settings\Application Data\ApplicationHistory
2010-06-10 03:20 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 02:09 . 2010-06-09 02:09 -------- d-----w- c:\program files\freebird

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 21:07 . 2010-01-16 16:14 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-07 16:49 . 2010-02-22 22:18 -------- d-----w- c:\documents and settings\Ellen\Application Data\Skype
2010-07-07 10:20 . 2010-04-18 05:35 1 ----a-w- c:\documents and settings\Felix\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-06 12:20 . 2010-03-14 00:17 -------- d-----w- c:\program files\Google
2010-07-05 22:49 . 2010-07-05 22:49 -------- d-----w- c:\documents and settings\Ellen\Application Data\Malwarebytes
2010-07-05 22:49 . 2010-07-05 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 22:49 . 2010-07-05 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 08:06 . 2010-01-25 12:12 1 ----a-w- c:\documents and settings\Lesley\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-02 02:52 . 2010-01-26 16:36 -------- d-----w- c:\documents and settings\Ellen\Application Data\BitTorrent
2010-06-29 19:01 . 2010-01-26 16:36 -------- d-----w- c:\program files\Ask.com
2010-06-29 10:24 . 2010-01-23 01:08 1 ----a-w- c:\documents and settings\Ellen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-28 16:45 . 2010-01-19 21:29 -------- d-----w- c:\documents and settings\Ellen\Application Data\Apple Computer
2010-06-12 00:20 . 2010-03-15 00:40 -------- d-----w- c:\documents and settings\Ellen\Application Data\Spotify
2010-06-06 14:31 . 2010-06-06 14:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-06 14:31 . 2010-06-06 14:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-06 14:31 . 2010-06-06 14:31 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-06 14:31 . 2010-06-06 14:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-06 14:31 . 2010-06-06 14:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-06 14:31 . 2010-06-06 14:31 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-06 14:31 . 2010-06-06 14:31 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-06 14:31 . 2010-06-06 14:31 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-06 14:31 . 2010-06-06 14:31 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-06 14:31 . 2010-06-06 14:29 -------- d-----w- c:\program files\Common Files\Real
2010-06-06 14:30 . 2010-06-06 14:29 -------- d-----w- c:\program files\Real
2010-06-06 14:30 . 2010-06-06 14:30 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-06 14:29 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-06 14:29 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-01 17:37 . 2010-01-16 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 22:26 . 2010-03-10 04:58 28772 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-27 00:39 . 2010-05-27 00:39 50354 ----a-w- c:\documents and settings\Ellen\Application Data\Facebook\uninstall.exe
2010-05-27 00:39 . 2010-05-27 00:39 -------- d-----w- c:\documents and settings\Ellen\Application Data\Facebook
2010-05-26 14:04 . 2010-05-26 14:04 -------- d-----w- c:\documents and settings\Ellen\Application Data\EPSON
2010-05-25 22:39 . 2010-04-11 00:09 -------- d-----w- c:\program files\LG Electronics
2010-05-25 22:39 . 2010-01-16 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 22:37 . 2010-05-25 22:37 -------- d--h--w- c:\documents and settings\Ellen\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-05-25 22:37 . 2010-05-25 22:37 -------- d-----w- c:\documents and settings\Ellen\Application Data\LG Electronics
2010-05-20 07:30 . 2010-01-16 20:59 38792 ----a-w- c:\documents and settings\Lesley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 12:01 . 2010-01-16 14:36 38792 ----a-w- c:\documents and settings\Ellen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 14:59 . 2010-01-16 20:57 38792 ----a-w- c:\documents and settings\Felix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-13 13:35 . 2010-05-13 13:35 282624 ----a-w- c:\documents and settings\Ellen\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-13 13:35 . 2010-05-13 13:35 655360 ----a-w- c:\documents and settings\Ellen\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-13 13:35 . 2010-05-13 13:35 208896 ----a-w- c:\documents and settings\Ellen\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-07-05 22:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-07-05 22:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-01-18 16:13 . 2010-01-18 16:13 93234472 ----a-w- c:\program files\iTunesSetup.exe
2010-01-18 16:13 . 2010-01-18 16:13 1146696 ----a-w- c:\program files\wlsetup-custom.exe
2010-01-18 16:11 . 2010-01-18 16:11 7912808 ----a-w- c:\program files\Firefox Setup 3.5.7.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Google Update"="c:\documents and settings\Ellen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"LG PC Suite III"="c:\program files\LG Electronics\LG PC Suite III\Launcher.exe" [2010-07-06 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-06 202256]

c:\documents and settings\Felix\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Lesley\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Ellen\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Ellen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 08:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 08:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 08:11 12928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2010 01:17 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:17]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:17]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2077806209-1801674531-1004Core.job
- c:\documents and settings\Ellen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-03 12:22]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2077806209-1801674531-1004UA.job
- c:\documents and settings\Ellen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-03 12:22]

2010-06-19 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-06-19 15:14]

2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2077806209-1801674531-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Ellen\Application Data\Mozilla\Firefox\Profiles\ur03mb0p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&q=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Ellen\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ellen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-07 23:32:09
ComboFix-quarantined-files.txt 2010-07-07 22:32

Pre-Run: 60,164,227,072 bytes free
Post-Run: 60,969,758,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DFB0F20B39B585199AA8CEEBFF096D54

[Essexboy]

OK I would now like you to try and install an antivirus - if it does not work can you tell me what error you get

[Elliexer]

Hey, I have installed AVG with no problems.
Fantastic. Running a scan now. Thank you for your very helpful help.

[Essexboy]

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS] 
  [Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 21.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.