53gb file with nothing in it !



#1
golaro

Hi, I'm very new to this so sorry if it's dumb. I think I have had an infection on my PC (Vista) and have installed Malwarebytes, which seems to have done the trick. Now though I can't access any of my files. The C: drive shows that there is over 100gb used, but when I click into it, it shows none of the content to justify the size. The 'users' file shows 53gb of data but all empty files when I go into it. I have run some recover deleted files tools which show they are there as it scans, but I can't get to them. These haven't been deleted. Help please, all my photos of our kids are gone and I'm in the firing line. Hopefully it's just something dumb, any suggestions?


#2
maliprog

Hello golaro and welcome to G2G! :D

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Can you post the last Malwarebytes log to see what infection you have removed from your system? To do that, open Malwarebytes, click on the Logs tab and find the log from that time.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • Malwarebytes old log
It would be helpful if you could post each log in a separate post.

#3
golaro

Hi Maliprog, thanks in advance for any help you can give me, it is really appreciated. Hopefully I've attached all you need below.





OTL logfile created on: 06/04/2011 20:35:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 133.10 Gb Free Space | 46.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.90 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
Drive E: | 91.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 20:34:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.scr
PRC - [2011/02/16 16:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/17 17:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/11/12 15:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/11/12 15:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/29 12:27:30 | 001,584,640 | -H-- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2010/09/04 14:09:24 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 15:41:34 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/27 01:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/02 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/29 06:19:56 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdlcoms.exe
PRC - [2007/05/11 14:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/23 11:23:14 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2005/07/12 19:54:32 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
PRC - [2004/06/09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/06 20:34:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.scr
MOD - [2011/03/09 17:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/16 16:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/02/09 20:10:02 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/12 15:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/11/12 15:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/09/04 14:09:24 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/29 06:19:56 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdlcoms.exe -- (lxdl_device)
SRV - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)


========== Driver Services (SafeList) ==========

DRV - [2010/11/12 15:17:32 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/11/12 15:17:32 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/11/12 15:17:32 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/11/12 15:17:32 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/11/12 15:17:32 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/11/12 15:17:32 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/11/12 15:17:32 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/11/12 15:17:32 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/11/12 15:17:32 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/29 12:27:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/09/29 12:27:14 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/14 08:07:40 | 000,348,160 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/02/26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=0080822
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/28 19:07:16 | 000,000,000 | ---D | M]

[2010/06/30 18:50:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/06/30 18:50:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/30 18:59:23 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101208113520.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SparkleBox Toolbar) - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (SparkleBox Toolbar) - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SparkleBox Toolbar) - {CA4EEDB3-5719-4E27-A478-8D13F761C28D} - C:\Program Files\SparkleBox\tbSpar.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.truprint...rintActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/03/29 10:59:00 | 000,000,038 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/27 15:47:27 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8d91f010-7045-11dd-b713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8d91f010-7045-11dd-b713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Princess.exe -- [2009/07/07 12:50:24 | 004,882,922 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 20:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.scr
[2011/04/05 20:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/01 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Assembly
[2011/04/01 20:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Assembly
[2011/04/01 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2011/04/01 19:13:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/01 19:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 19:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/01 19:13:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/01 19:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 19:12:18 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/01 19:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/04/01 18:10:54 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
[2009/04/13 08:19:40 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2007/05/29 06:19:58 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdlih.exe
[2007/05/29 06:19:56 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdlcoms.exe
[2007/05/29 06:19:54 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdlcfg.exe
[2007/05/17 16:08:58 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdlpmui.dll
[2007/05/17 16:06:40 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdlserv.dll
[2007/05/17 16:00:32 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdllmpm.dll
[2007/05/17 16:00:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdlcomm.dll
[2007/05/17 16:00:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdlinpa.dll
[2007/05/17 15:59:34 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdlhbn3.dll
[2007/05/17 15:57:52 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdlusb1.dll
[2007/05/17 15:56:56 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdlcomc.dll
[2007/05/17 15:52:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdliesc.dll
[2007/05/17 15:51:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdlprox.dll
[2004/12/13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL
[68 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[68 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Matt\Documents\*.tmp files -> C:\Users\Matt\Documents\*.tmp -> ]
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 20:34:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.scr
[2011/04/06 20:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/06 19:58:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 19:58:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 12:26:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/02 20:04:36 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/02 20:04:36 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/02 19:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/02 19:58:21 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/01 22:52:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/01 20:01:30 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Adroit Photo Recovery.lnk
[2011/04/01 19:13:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 19:12:19 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/01 18:14:56 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~42131208
[2011/04/01 18:10:54 | 000,000,581 | -H-- | M] () -- C:\Users\Matt\Desktop\Windows Repair.lnk
[2011/03/25 02:22:28 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/10 22:20:00 | 000,244,224 | -H-- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[68 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[68 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Matt\Documents\*.tmp files -> C:\Users\Matt\Documents\*.tmp -> ]
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/01 20:01:30 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Adroit Photo Recovery.lnk
[2011/04/01 19:13:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 18:14:55 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~42131208
[2011/04/01 18:10:54 | 000,000,581 | -H-- | C] () -- C:\Users\Matt\Desktop\Windows Repair.lnk
[2010/12/01 23:11:05 | 000,005,216 | -H-- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2010/10/15 20:14:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/02 18:17:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/03/02 18:17:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/03/02 18:17:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/03/02 18:17:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/03/02 18:17:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/03/02 18:17:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/03/02 18:17:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/03/02 18:17:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/02 18:17:28 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/03/02 18:17:28 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/03/02 18:17:28 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/03/02 18:17:28 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/03/02 18:17:28 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/03/02 18:17:28 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/03/02 18:17:28 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/03/02 18:17:28 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/03/02 18:17:28 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/03/02 18:17:28 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/03/02 18:17:28 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/09/11 20:12:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/12 17:16:58 | 000,000,478 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\settings.ini
[2009/05/12 15:56:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/08 16:46:45 | 000,000,149 | ---- | C] () -- C:\ProgramData\lxdl
[2008/10/08 16:09:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDLPMON.DLL
[2008/10/08 16:09:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDLFXPU.DLL
[2008/10/08 16:09:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdloem.dll
[2008/10/07 19:57:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/29 17:00:07 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/09/22 20:13:32 | 000,244,224 | -H-- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 20:12:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/22 20:12:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/22 20:10:12 | 000,000,512 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2008/08/22 21:24:03 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/22 21:24:03 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/22 21:24:03 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/22 21:24:03 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/27 10:33:36 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/05/28 00:02:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdlgrd.dll
[2007/05/03 17:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdlcoin.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,283,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 03:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdlvs.dll

========== LOP Check ==========

[2010/02/26 19:23:13 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\7500 Series
[2010/05/09 19:18:27 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Canon
[2010/03/16 20:25:52 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\EPSON
[2008/12/21 19:02:20 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Lexmark Productivity Studio
[2010/12/01 20:29:22 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\NCH Swift Sound
[2010/08/18 22:00:09 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Red Kawa
[2010/09/30 19:51:05 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Regensoft
[2008/09/22 20:10:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2010/06/30 18:50:47 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\TomTom
[2010/04/01 14:42:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Uniblue
[2011/02/27 09:48:58 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2011/04/01 22:52:29 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:88050731

< End of report >

#4
golaro

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL Extras logfile created on: 06/04/2011 20:35:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 133.10 Gb Free Space | 46.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.90 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
Drive E: | 91.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E31F8A-9FA0-404D-AE97-B8E0088317BB}" = lport=445 | protocol=6 | dir=in | app=system |
"{11244C0D-ED76-4BA6-95D7-AE5BFB048EBE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{11D01304-9AE2-47DA-AB3E-DC26BDA73310}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11F26E9D-1792-4719-989E-3E8B33C622CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A6ED4CB-EBEF-4B38-A441-BB1F5AC4250D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DE45626-BAC7-4AEB-9238-9AB6A82990A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20062F9E-37BC-450C-AE44-F2F1BD4C4702}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2F3DD1D9-992C-46B5-A837-F6A4AD5AF9FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{3595708D-33AA-4E3B-84AB-B5FE96D3EBA6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36AFFF31-5EAB-4E9D-8DC9-55662B685952}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3722E28F-5BD0-4C7F-B158-6FABB9316BC7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{399A0666-7768-47DE-9275-42BF96A58EC4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4CBE5DF1-C2BE-4630-81A4-50A5F8DD46AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F2EB716-02F7-43FA-B599-5B9F6118E1C8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5003A333-0294-419B-9537-ACAD6E8F8213}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59758141-45E4-45F7-B1C5-206BF343CBAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{6515385D-B98E-4C23-A5A7-110169F58FA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{653FFAB6-6002-42D0-A67C-68D01CE364D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BE66379-F0FB-4A9D-9DB9-938034830782}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CEB3FF8-ACCD-4FE2-8FE7-33A81BB838A7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6CED80EC-EB6B-46AE-B619-C93807287774}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{72C4C41F-592A-41E4-AB89-DF79F891FB0B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{75303877-444B-4775-AB32-395471BE84DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{766D5577-12F2-46E5-B77F-32721153FAD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7794986B-EAD9-4387-8119-4D8B72D8E558}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{784C12FF-228B-4D38-93C8-E1C2A23411F6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{78640986-053A-4081-BD9C-D2888E1CD26C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8778D245-CE26-4A14-B931-5051198BFF6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8DD1782F-0B97-4EA9-B73E-0BBFEBAC25DC}" = lport=138 | protocol=17 | dir=in | app=system |
"{93850AC1-7833-4608-AC01-2ACF94D388CF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A526063D-8ECD-4509-B5E9-B289B90EC044}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B48F8862-49E9-4407-9389-ECDEB086E024}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B55639F1-7CB3-4688-8C7A-A6698057CF3B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDB2D465-0811-4781-AE9C-89FB46EB2AB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C776A95E-2F48-4085-A11C-7EB02EE3C3E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C927CAD9-4241-4F0D-BDA4-2E2E964650F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCB916D6-AF11-419B-BF92-34A1EED5571E}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF94696F-A824-47CA-BD22-F8175F7D80AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E148DE38-642F-4CF8-A4E0-8299536B71BF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E941C577-BD12-4BFD-9813-B61F09D53E05}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EA9696E5-AE0E-4EC0-BC1E-BBCCADC172F3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EDFFA60B-9F13-4EB4-841E-76794629563F}" = rport=138 | protocol=17 | dir=out | app=system |
"{EEFED693-720E-4E46-B7D7-F048864B5F5A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F0DBE0B3-BEE9-4273-A3E9-EC1E89E5ABFE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD89CAC6-8A72-47B9-ACAC-7F023788485E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD988E10-BB22-40C5-9660-77CBAE47BC9D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{FE13BBEB-B9F7-4487-BF38-437F9C1DDC1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02564C2F-52E2-4599-9263-97441111D2EB}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\lxdl\wireless\english\lxdlwpss.exe |
"{0A255138-DBBA-4C10-92E8-04AFDAF08316}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D70CCD3-0CDB-4B7E-91FB-66F8BB3DE768}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10A2EF87-6DD2-4EEE-943B-496C488B9755}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10F8D1EB-45FC-4583-92FB-D573B0C4A8CD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{19A93411-9114-4FFC-9174-5F302F8A2777}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{1A75B870-F7B8-454C-B5E7-99445E09075E}" = protocol=17 | dir=in | app=c:\program files\lexmark 7500 series\lxdlfax.exe |
"{258B59A2-1869-4707-B7E8-DB7724470A34}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2789CA0C-0EF1-4B79-8B49-E533B95D2CF4}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2A7A516F-E289-4DBB-A024-4BF197105D79}" = protocol=6 | dir=in | app=c:\program files\lexmark 7500 series\lxdlamon.exe |
"{34B11B78-C93B-4E85-B093-7D6BF3B938F4}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{359ACA90-B294-4CD2-95C3-0C6A105B62DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{37370592-A958-4354-A249-B8BC43F684CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C83CD6F-4A37-445A-B30D-D573BBCD185F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{3DB5B909-4F2C-440A-B40A-F586F600F976}" = protocol=17 | dir=in | app=c:\program files\lexmark 7500 series\frun.exe |
"{4365C307-D847-4A18-8C6F-D1EE7C250BB2}" = protocol=6 | dir=out | app=system |
"{47D04BED-116B-4FED-A956-C1A497406E3C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A0241D7-C6B4-4893-A47F-E40A7A700E8F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A951E8D-2EF5-46A4-8ACC-0D24F062BFC2}" = protocol=6 | dir=in | app=c:\program files\lexmark 7500 series\lxdlfax.exe |
"{576C6FD3-7FE1-47FC-849C-79C2C5F8EFEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A3D11D2-FAF3-4917-AAC9-BF6690FC361B}" = protocol=6 | dir=in | app=c:\program files\lexmark\scanback\scanwiz.exe |
"{5A6DCAED-3C66-4AFA-B970-FF18C2CC1852}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5AC8CCD6-CA29-4065-89C1-17E9E85D1E5F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdlpswx.exe |
"{5EE1A0CF-3566-4A45-8035-BCC871DCE8AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{619C6529-FA93-42C7-BB8B-FA57417864CF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{647C7BA2-5651-44AB-9471-F4F3A6D6134E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6C9B5477-526C-416A-A845-6CB9FE75FFBC}" = protocol=17 | dir=in | app=c:\windows\system32\lxdlcoms.exe |
"{71BC5E7B-D265-4502-B23B-3977FB3E624F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7421257E-E7B3-4160-A763-A4052DC4F0D0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{75B37DD5-0462-40D9-96DA-CB3A97B5A831}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{778245EC-05EE-4636-82E3-4D1B206699AE}" = protocol=1 | dir=out | [email protected],-28544 |
"{7AF64D48-F699-4F19-82E2-354DC15F854C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B97EB72-DA13-4D43-8CAC-279AAF9EDE1C}" = protocol=17 | dir=in | app=c:\program files\lexmark 7500 series\lxdlamon.exe |
"{7D7F45FB-7D6C-42FB-AE68-F6916959824B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{827580F8-F09D-4EE8-88EF-B25E60C5E284}" = protocol=58 | dir=in | [email protected],-28545 |
"{8CE86B2A-3CAF-4D75-BAC2-15F119DE5A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D2A77BE-3E14-4EC4-AAC4-B46029CFC929}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8E0DE693-868C-408F-B9B7-C7D8A5204E4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EB96612-B835-44CF-9181-B4EDC4AEBD91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F410108-C172-427B-B54B-B39E3D5C9C30}" = protocol=58 | dir=out | [email protected],-28546 |
"{9BA78613-F00A-47F5-85B1-50ABB8287DA1}" = protocol=6 | dir=in | app=c:\program files\lexmark 7500 series\frun.exe |
"{9C3FD1C0-CACF-43CE-A9B2-345B7AA43DC9}" = protocol=6 | dir=in | app=c:\program files\lexmark 7500 series\lxdlmon.exe |
"{A83CD9FB-3DC4-40EF-9CDF-F95C0E7D4526}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA8F1F23-DC04-44AB-BAA6-8CD871C58049}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1CCEC41-EC18-46E6-901F-2B1176AD30F8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B5BC82B0-27A4-4AD0-85E0-4B5CB0DB177F}" = protocol=17 | dir=in | app=c:\program files\lexmark 7500 series\lxdlmon.exe |
"{B7295CD8-78C8-48C9-92A0-749563BBC947}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{B7F47B18-5C43-49AF-8D7C-4A67B7E7457E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9858898-D783-4F16-A8C0-88320830AFDF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BAE42B01-5013-417E-9D05-B3DD8255AB49}" = protocol=1 | dir=in | [email protected],-28543 |
"{BBCB931C-5A7C-4455-8F3C-39F19427F3EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C092F6C3-B457-4B77-ADDB-F83EECD6B244}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C13BD561-8FB6-446A-9DB9-E5CC3D3C7AEA}" = protocol=17 | dir=in | app=c:\program files\lexmark\scanback\scanwiz.exe |
"{C1B73ABE-D331-4B65-A3BF-A300DD3CCA1A}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{C63FD93B-D2AE-44BF-AFDE-A445B0ECBE71}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CB54273D-CA48-4739-BAB6-6D80707F5DA5}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D1237597-372B-4DC1-AAB7-594159E27997}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1CC0C5D-859B-40CE-9A9A-C21174BDD6E0}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{D598F913-980A-497C-9A68-E748577CF9E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D67CB7C4-F00D-4AC9-9381-055E08480988}" = protocol=6 | dir=in | app=c:\windows\system32\lxdlcoms.exe |
"{D6C53D1C-8971-402C-88D0-76E2EE94CE59}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\lxdl\wireless\english\lxdlwpss.exe |
"{DF6D1082-3507-404C-BF32-C187EEFB9312}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E1A718C5-7442-4225-868E-CBE70A42B221}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdlpswx.exe |
"{F14318EB-3EC4-4D77-A836-6535C89F2ABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F175C048-5AD9-4299-B14A-6378EAA704D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F52F4BC3-9723-4736-A6A5-577C5E6581EC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FAC28690-D027-4BE0-B565-456EB717801C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FF38A21E-9CEA-4E6C-902C-343BD1142A21}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"TCP Query User{07FC6793-A272-4E4A-A347-935F7190C7ED}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1B1860D2-64D4-47A0-A221-FB2600E64BA5}C:\program files\lexmark 7500 series\lxdlmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 7500 series\lxdlmon.exe |
"TCP Query User{4ADC682B-C178-46F9-B863-72E085B55673}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DC7C38A0-8779-42B8-9B3F-96BAD168274A}E:\fscommand\vividas.exe" = protocol=6 | dir=in | app=e:\fscommand\vividas.exe |
"UDP Query User{5A502297-8552-4B05-9BAE-23CF2C40BCF8}E:\fscommand\vividas.exe" = protocol=17 | dir=in | app=e:\fscommand\vividas.exe |
"UDP Query User{CE81B3D7-A764-47D1-9C66-0C1A7475CD50}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D3F639C7-681B-4257-B2AF-03CA514C77D0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F531CA5C-235F-469D-A13F-A02535B7DB41}C:\program files\lexmark 7500 series\lxdlmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 7500 series\lxdlmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{14DBEC87-6278-4787-8F14-2279CEB3AE11}" = In Print 2
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2646FB-7BAC-451B-BF90-4889C4429C5E}" = Philips SPC 200NC PC Camera
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4DF66F1E-D6C0-4C6A-BBA0-A00EDD0094D0}" = Adroit Photo Recovery
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All To MP3 Converter_is1" = All To MP3 Converter 3.02
"AviSynth" = AviSynth 2.5
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Candy Land - Dora the Explorer Edition_is1" = Candy Land - Dora the Explorer Edition
"EOS USB WIA Driver" = EOS USB WIA Driver
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"ExpressBurn" = Express Burn
"Getting Ready for School" = Getting Ready for School
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist Corporate
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = BT NetProtect Plus
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"SparkleBox Toolbar" = SparkleBox Toolbar
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"TescoDownloader" = Tesco Download Manager
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Videora iPhone 3G Converter" = Videora iPhone 3G Converter 5.04
"WavePad" = WavePad Sound Editor
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2011 12:01:57 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18565, time stamp
0x4d0f5fa9, faulting module SHELL32.dll, version 6.0.6001.18588, time stamp 0x4d39aa58,
exception code 0xc0000005, fault offset 0x00089e96, process id 0xdd0, application
start time 0x01cbd760b84df4a0.

Error - 10/03/2011 17:32:55 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18565, time stamp
0x4d0f5fa9, faulting module SHELL32.dll, version 6.0.6001.18588, time stamp 0x4d39aa58,
exception code 0xc0000005, fault offset 0x0008b97d, process id 0x5374, application
start time 0x01cbdf69d5007c10.

Error - 13/03/2011 05:31:37 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application ieuser.exe, version 6.0.6001.18000, time stamp
0x47918f0e, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727,
exception code 0xc0000005, fault offset 0x00009b30, process id 0x68fc, application
start time 0x01cbe15fafeeda00.

Error - 13/03/2011 14:53:42 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2011 15:15:28 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2011 15:15:58 | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 13/03/2011 15:15:58 | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 13/03/2011 23:19:12 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/03/2011 09:00:21 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/03/2011 16:15:06 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 17/05/2010 15:52:39 | Computer Name = Matt-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 17/05/2010 15:59:05 | Computer Name = Matt-PC | Source = McrMgr | ID = 107
Description =

[ System Events ]
Error - 11/10/2010 07:11:16 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 11/10/2010 07:11:16 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 11/10/2010 07:11:16 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 11/10/2010 07:11:17 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 13:21:50 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 13:21:50 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 13:22:02 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 13:22:02 | Computer Name = Matt-PC | Source = DCOM | ID = 10016
Description =

Error - 13/10/2010 17:46:27 | Computer Name = Matt-PC | Source = DCOM | ID = 10010
Description =

Error - 30/10/2010 10:21:35 | Computer Name = Matt-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:42:09 on 30/10/2010 was unexpected.


< End of report >
  • 0

#5
golaro

golaro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6239

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01/04/2011 19:34:33
mbam-log-2011-04-01 (19-34-33).txt

Scan type: Quick scan
Objects scanned: 166475
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\qbhjhyxtxkjfvo.exe (Trojan.Downloader) -> 2200 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QBHjHYxtXkJfvo (Trojan.Downloader) -> Value: QBHjHYxtXkJfvo -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\qbhjhyxtxkjfvo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\programdata\42131208.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\tmpC52A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi golaro,

This is caused by malware. I don't see traces of it anymore, but this is its work :D.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • RogueKiller log
  • OTL fix log
It would be helpful if you could post each log in a separate post.
  • 0

#7
golaro

golaro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, not quite to plan but here goes. RogueKiller wouldn't work so I downloaded it from another site (not the French one) and it was then ok, however there was no option 6. Option 1 was scan so I did that and post the resulting RKreport below. Hope this is ok.

RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Matt [Admin rights]
Mode: Scan -- Time : 07/04/2011 18:23:04

Bad processes: 0

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished
  • 0

#8
golaro

golaro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matt\Desktop\cmd.bat deleted successfully.
C:\Users\Matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 89567160 bytes
->Temporary Internet Files folder emptied: 640148334 bytes
->Java cache emptied: 1223994 bytes
->Google Chrome cache emptied: 39665984 bytes
->Apple Safari cache emptied: 11116544 bytes
->Flash cache emptied: 218937 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 41424 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1077656273 bytes
Error loading Shell32.dll! Cannot empty RecycleBin.
RecycleBin emptied: 14054549031 bytes

Total Files Cleaned = 15,177.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Matt
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04072011_182705

Files\Folders moved on Reboot...
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF6CEA.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF70BE.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF7259.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF750F.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF851E.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF85F1.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DFBC97.tmp not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DFBCAA.tmp not found!
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NVJFZ88Y\embedded[1].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NVJFZ88Y\xd_proxy[1].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6SSUCU9\search[3].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LTR8B3L6\page__gopid__1992492[1].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EOCIHTT\like[1].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi golaro,

Please don't download programs from untrusted sites. You can harm your system. If you have problems let me know.

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    attrib -h /s /d c:\*.* /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Test your system and let me know your problems.
  • 0

#10
golaro

golaro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, seems like you've come to the rescue. All the files seem to be there with the bulk being in an OST file. I have tried to paste the log but I think there's too much of it, so I have copied the first few pages. The remainder say the same thing but with different files. It's too big to attach at 15mg+

Thanks

Golaro



All processes killed
========== OTL ==========
========== FILES ==========
< attrib -h /s /d c:\*.* /c >
Not resetting system file - C:\$Recycle.Bin\S-1-5-20\desktop.ini
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-2773397201-2855733099-4214572315-500\desktop.ini
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-4013651319-2393249910-1013120398-1000\desktop.ini
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-4013651319-2393249910-1013120398-500\desktop.ini
Not resetting system file - C:\$Recycle.Bin\S-1-5-20
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-2773397201-2855733099-4214572315-500
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-4013651319-2393249910-1013120398-1000
Not resetting system file - C:\$Recycle.Bin\S-1-5-21-4013651319-2393249910-1013120398-500
Not resetting system file - C:\-Reverend- And -The -Makers - the- state- of- things-\Thumbs.db
Not resetting system file - C:\All pictures\2005-12 (Dec)\Thumbs.db
Not resetting system file - C:\All pictures\23.07.08\Thumbs.db
Not resetting system file - C:\All pictures\aiya napa 2005\Thumbs.db
Not resetting system file - C:\All pictures\Ann's 60th\Thumbs.db
Not resetting system file - C:\All pictures\aus\new aus\Thumbs.db
Not resetting system file - C:\All pictures\aus\Thumbs.db
Not resetting system file - C:\All pictures\Ball\Thumbs.db
Not resetting system file - C:\All pictures\Cara 2nd B'day\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\April 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\April 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\August 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\August 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\Baptism\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\December 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\february 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\First Week\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\January 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\July 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\June 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\June 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\March 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\March 2008\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\May (2) 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\May 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\May 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\November 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\October 2006\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\September\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\skipsea sands 2007\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\xmas\Thumbs.db
Not resetting system file - C:\All pictures\Cara's Photo album\Thumbs.db
Not resetting system file - C:\All pictures\Christmas\Thumbs.db
Not resetting system file - C:\All pictures\CONSERVATORY AND GARDEN\Thumbs.db
Not resetting system file - C:\All pictures\CRAIG & LAURA\Thumbs.db
Not resetting system file - C:\All pictures\Craig & Lauras wedding\Thumbs.db
Not resetting system file - C:\All pictures\ebay\Thumbs.db
Not resetting system file - C:\All pictures\flower\Thumbs.db
Not resetting system file - C:\All pictures\hayleys 18th\Thumbs.db
Not resetting system file - C:\All pictures\Hilti\Thumbs.db
Not resetting system file - C:\All pictures\K's 30th\Thumbs.db
Not resetting system file - C:\All pictures\Liz Wedding\Thumbs.db
Not resetting system file - C:\All pictures\Lizs' Hen\Thumbs.db
Not resetting system file - C:\All pictures\louise\Thumbs.db
Not resetting system file - C:\All pictures\lucy\Thumbs.db
Not resetting system file - C:\All pictures\matt driving\Thumbs.db
Not resetting system file - C:\All pictures\Matts Do\Thumbs.db
Not resetting system file - C:\All pictures\Misc 08\Thumbs.db
Not resetting system file - C:\All pictures\mismash\Thumbs.db
Not resetting system file - C:\All pictures\New Folder\Thumbs.db
Not resetting system file - C:\All pictures\NewCanon26.06.08\K 30th\Thumbs.db
Not resetting system file - C:\All pictures\NewCanon26.06.08\Thumbs.db
Not resetting system file - C:\All pictures\sabha pics\Thumbs.db
Not resetting system file - C:\All pictures\skipton castle\Thumbs.db
Not resetting system file - C:\All pictures\Stanley Rd HI children\Thumbs.db
Not resetting system file - C:\All pictures\the car\Thumbs.db
Not resetting system file - C:\All pictures\Tom's 1st\Thumbs.db
Not resetting system file - C:\All pictures\tom's 2nd bday\Thumbs.db
Not resetting system file - C:\All pictures\Desktop.ini
Not resetting system file - C:\All pictures\Thumbs.db
Not resetting system file - C:\Andrea Bocelli\Amore\AlbumArtSmall.jpg
Not resetting system file - C:\Andrea Bocelli\Amore\AlbumArt_{65941D8E-D52E-4945-8E5A-A8D0D2E37734}_Large.jpg
Not resetting system file - C:\Andrea Bocelli\Amore\AlbumArt_{65941D8E-D52E-4945-8E5A-A8D0D2E37734}_Small.jpg
Not resetting system file - C:\Andrea Bocelli\Amore\desktop.ini
Not resetting system file - C:\Andrea Bocelli\Amore\Folder.jpg
Not resetting system file - C:\Andrea Bocelli\desktop.ini
Not resetting system file - C:\Andrea Bocelli\Thumbs.db
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\AlbumArtSmall.jpg
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\AlbumArt_{133E86EE-235D-4F38-8AD7-424B94933C9F}_Large.jpg
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\AlbumArt_{133E86EE-235D-4F38-8AD7-424B94933C9F}_Small.jpg
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\desktop.ini
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\Folder.jpg
Not resetting system file - C:\Arctic monkeys - Whatever people say I am that's what I'm not\Thumbs.db
Not resetting system file - C:\Athlete - Vehicles & Animals\AlbumArtSmall.jpg
Not resetting system file - C:\Athlete - Vehicles & Animals\AlbumArt_{ECF6F289-C2E9-4121-A1AD-EE6EB94CCB1E}_Large.jpg
Not resetting system file - C:\Athlete - Vehicles & Animals\AlbumArt_{ECF6F289-C2E9-4121-A1AD-EE6EB94CCB1E}_Small.jpg
Not resetting system file - C:\Athlete - Vehicles & Animals\desktop.ini
Not resetting system file - C:\Athlete - Vehicles & Animals\Folder.jpg
Not resetting system file - C:\Athlete - Vehicles & Animals\Thumbs.db
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\AlbumArtSmall.jpg
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\AlbumArt_{2BCCA0CC-CD53-4735-BADA-DD910E64D173}_Large.jpg
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\AlbumArt_{2BCCA0CC-CD53-4735-BADA-DD910E64D173}_Small.jpg
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\desktop.ini
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\Folder.jpg
Not resetting system file - C:\Aztec Camera\The Best Of Aztec Camera [UK]\Thumbs.db
Not resetting system file - C:\Aztec Camera\desktop.ini
Not resetting system file - C:\Aztec Camera\Thumbs.db
Not resetting system file - C:\Basement Jaxx = The Singles\Thumbs.db
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\AlbumArtSmall.jpg
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\AlbumArt_{ECCC92DC-F947-4427-B391-EBAB39E2C803}_Large.jpg
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\AlbumArt_{ECCC92DC-F947-4427-B391-EBAB39E2C803}_Small.jpg
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\desktop.ini
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\Folder.jpg
Not resetting system file - C:\Beyonce Ft Jay - Z - Deja Vu (Freemasons Mixes) [2006][Dance][www bitmp3 com]\Thumbs.db
Access denied - C:\Boot\cs-CZ\bootmgr.exe.mui
Access denied - C:\Boot\da-DK\bootmgr.exe.mui
Access denied - C:\Boot\de-DE\bootmgr.exe.mui
Access denied - C:\Boot\el-GR\bootmgr.exe.mui
Access denied - C:\Boot\en-US\bootmgr.exe.mui
Access denied - C:\Boot\en-US\memtest.exe.mui
Access denied - C:\Boot\es-ES\bootmgr.exe.mui
Access denied - C:\Boot\fi-FI\bootmgr.exe.mui
Access denied - C:\Boot\Fonts\chs_boot.ttf
Access denied - C:\Boot\Fonts\cht_boot.ttf
Access denied - C:\Boot\Fonts\jpn_boot.ttf
Access denied - C:\Boot\Fonts\kor_boot.ttf
Access denied - C:\Boot\Fonts\wgl4_boot.ttf
Access denied - C:\Boot\fr-FR\bootmgr.exe.mui
Access denied - C:\Boot\hu-HU\bootmgr.exe.mui
Access denied - C:\Boot\it-IT\bootmgr.exe.mui
Access denied - C:\Boot\ja-JP\bootmgr.exe.mui
Access denied - C:\Boot\ko-KR\bootmgr.exe.mui
Access denied - C:\Boot\nb-NO\bootmgr.exe.mui
Access denied - C:\Boot\nl-NL\bootmgr.exe.mui
Access denied - C:\Boot\pl-PL\bootmgr.exe.mui
Access denied - C:\Boot\pt-BR\bootmgr.exe.mui
Access denied - C:\Boot\pt-PT\bootmgr.exe.mui
Access denied - C:\Boot\ru-RU\bootmgr.exe.mui
Access denied - C:\Boot\sv-SE\bootmgr.exe.mui
Access denied - C:\Boot\tr-TR\bootmgr.exe.mui
Access denied - C:\Boot\zh-CN\bootmgr.exe.mui
Access denied - C:\Boot\zh-HK\bootmgr.exe.mui
Access denied - C:\Boot\zh-TW\bootmgr.exe.mui
Not resetting system file - C:\Boot\bootstat.dat
Access denied - C:\Boot\memtest.exe
Not resetting system file - C:\Bryan Adams\Bryan Adams The Best of me\desktop.ini
Not resetting system file - C:\Bryan Adams\desktop.ini
Not resetting system file - C:\Coldplay\Parachutes\AlbumArtSmall.jpg
Not resetting system file - C:\Coldplay\Parachutes\AlbumArt_{CAAEE3D3-1E76-4E3E-B207-CF3E68D31BAE}_Large.jpg
Not resetting system file - C:\Coldplay\Parachutes\AlbumArt_{CAAEE3D3-1E76-4E3E-B207-CF3E68D31BAE}_Small.jpg
Not resetting system file - C:\Coldplay\Parachutes\desktop.ini
Not resetting system file - C:\Coldplay\Parachutes\Folder.jpg
Not resetting system file - C:\Coldplay\Parachutes\Thumbs.db
Not resetting system file - C:\Coldplay\desktop.ini
Not resetting system file - C:\Coldplay\Thumbs.db
Not resetting system file - C:\Copy of My Music\Desktop.ini
Not resetting system file - C:\Copy of My Music\ehthumbs_vista.db
Not resetting system file - C:\Copy of My Music\Thumbs.db
Not resetting system file - C:\Crash Test Dummies\God Shuffled His Feet\AlbumArtSmall.jpg
Not resetting system file - C:\Crash Test Dummies\God Shuffled His Feet\AlbumArt_{5D7495BC-8E8B-4EF3-9DD5-FF6CA4F95EC9}_Large.jpg
Not resetting system file - C:\Crash Test Dummies\God Shuffled His Feet\AlbumArt_{5D7495BC-8E8B-4EF3-9DD5-FF6CA4F95EC9}_Small.jpg
Not resetting system file - C:\Crash Test Dummies\God Shuffled His Feet\desktop.ini
Not resetting system file - C:\Crash Test Dummies\God Shuffled His Feet\Folder.jpg
Not resetting system file - C:\Crash Test Dummies\desktop.ini
Not resetting system file - C:\Crash Test Dummies\Thumbs.db
Not resetting system file - C:\Daft Punk\Discovery [UK]\AlbumArtSmall.jpg
Not resetting system file - C:\Daft Punk\Discovery [UK]\AlbumArt_{FF2B30C3-2E6D-4D1B-B2F1-721C1BCB25B5}_Large.jpg
Not resetting system file - C:\Daft Punk\Discovery [UK]\AlbumArt_{FF2B30C3-2E6D-4D1B-B2F1-721C1BCB25B5}_Small.jpg
Not resetting system file - C:\Daft Punk\Discovery [UK]\desktop.ini
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi golaro,

Glad to hear that :D. Don't bother with OTL fix log. How is your system now? Any problems?
  • 0

#12
golaro

golaro

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I think it's all ok, just need to move the files out of the new log.
Thanks so much for your help, it's great what you guys do to help out the technically inept like myself. :D

Cheers

Golaro
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi golaro,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) Automatically download recommended updates for my computer and install them" option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





