Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Security Alerts still OFF after XP Total Security infection


  • This topic is locked This topic is locked

#1
jems

jems

    Member

  • Member
  • PipPip
  • 58 posts
Hi There,

Last week I picked up the "XP Total Security" rogue malware bug. (How does this get onto my system? Is it when d/ling something or just browsing ... ?) I managed to get rid of it following the instructions found on this forum here:

http://www.geekstogo...and-its-clones/

However, after the removal of the bug I could not get Windows Security Updates to turn back to automatic. I tried doing this both from the bottom toolbar icon and through the control panel. I have tried since but it remains "off".

Now, a week on I just got the same "XP Total Security" infection!!! Not sure if something is still hanging around and causing the Security Updates to remain off ???

Any ideas?

ETA: Just realised today that windows updates are also failing! I just get an error.
I ran AVAST anti virus and it found a bug which was removed, it then ran BEFORE wondows start up and was clean.
I re-ran Malwarebytes and it was clean.
But still I can't update or turn on auto updates.

Can anyone help?

Edited by jems, 18 May 2011 - 02:52 PM.

  • 0

Advertisements


#2
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Just realised today that windows updates are also failing! I just get an error.

I ran AVAST anti virus and it found a bug which was removed, it then ran BEFORE wondows start up and was clean.

I re-ran Malwarebytes and it was clean.

But still I can't update or turn on auto updates.

Can anyone help?

Edited by jems, 18 May 2011 - 02:51 PM.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry for the delay

Could you run this programme first and then run an analysis

Go to this page
Run the fixit there (big button about one third the way down) - if the normal run does not cure it then re run and use the aggressive mode

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thankso much for your response.

I ran the FIX IT on agressive mode and automatic updates is back. :)

I ran OTL but only the LOG file OTL.txt was created.

When trying to find a fix earlier today I ran OTL and it did create two files - an extras.txt and an otl.text.
But this time it only created 1.
Should I also post the extras file form easlier today?


OTL logfile created on: 21/05/2011 19:52:12 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\XPMCE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.02 Gb Free Space | 23.97% Space Free | Partition Type: NTFS
Drive E: | 45.23 Gb Total Space | 45.11 Gb Free Space | 99.73% Space Free | Partition Type: NTFS
Drive X: | 902.22 Gb Total Space | 393.86 Gb Free Space | 43.65% Space Free | Partition Type: NTFS

Computer Name: MCE | User Name: XPMCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/11/30 21:20:46 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/11/30 21:19:06 | 000,268,848 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/30 21:20:50 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/11/30 21:19:06 | 000,268,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/02 12:05:00 | 000,131,584 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw99bda.sys -- (HCW99BDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/03/17 18:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 15:04:16 | 000,099,584 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-299502267-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.uk.yahoo.com/
IE - HKU\S-1-5-21-1177238915-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}:2.6.20091103
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/06 21:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 11:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 11:23:34 | 000,000,000 | ---D | M]

[2011/01/03 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Extensions
[2011/01/03 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Extensions\[email protected]
[2011/05/08 11:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions
[2011/05/01 22:51:21 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/04/27 17:58:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 22:51:20 | 000,000,000 | ---D | M] (FireGestures) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\[email protected]
[2010/01/16 20:55:31 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\dictionary.xml
[2010/01/16 20:53:21 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\imdb.xml
[2010/01/24 11:36:11 | 000,002,212 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\lyrics-search.xml
[2010/01/16 20:52:13 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\snappy-words.xml
[2011/05/08 11:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/23 18:58:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/27 17:56:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/07 00:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/11 11:00:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 22:11:47 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2010/01/16 20:26:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1177238915-299502267-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-299502267-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263590890373 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.14.0.9 64.127.100.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/15 21:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{22c1abff-174b-11e0-b82f-001731cb1bea}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{5e6dca3c-484a-11df-b74c-001731cb1bea}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell - "" = AutoRun
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell - "" = AutoRun
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1177238915-299502267-682003330-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1177238915-299502267-682003330-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 19:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\older
[2011/05/21 13:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\SUPERAntiSpyware.com
[2011/05/21 13:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/21 13:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/21 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/21 13:42:13 | 011,205,608 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\XPMCE\Desktop\SUPERAntiSpyware.exe
[2011/05/21 13:12:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
[2011/05/21 12:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/21 12:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\ElevatedDiagnostics
[2011/05/21 12:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/05/21 12:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/05/14 23:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\wft lab
[2011/05/14 23:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\lab and puffins
[2011/05/05 20:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\Kirstene

========== Files - Modified Within 30 Days ==========

[2011/05/21 19:46:43 | 000,193,460 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/21 19:46:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 17:50:27 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 14:28:04 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/21 14:28:03 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/21 14:28:03 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/21 14:24:08 | 000,013,666 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 13:42:38 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/21 13:42:13 | 011,205,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\XPMCE\Desktop\SUPERAntiSpyware.exe
[2011/05/21 13:23:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
[2011/05/21 12:05:44 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/05/21 12:04:45 | 000,016,820 | -HS- | M] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\462siw7cfe
[2011/05/21 12:04:45 | 000,016,820 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/20 23:24:22 | 000,016,913 | ---- | M] () -- C:\Documents and Settings\XPMCE\.recently-used.xbel
[2011/05/17 22:15:53 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/17 11:56:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/17 11:46:54 | 000,015,722 | -HS- | M] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\q627c3m4061358n50t62
[2011/05/17 11:46:54 | 000,015,722 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q627c3m4061358n50t62
[2011/05/16 22:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 11:23:37 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 11:23:37 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/08 10:57:07 | 000,002,210 | -HS- | M] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/05/08 10:57:07 | 000,002,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/04/26 17:35:34 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/05/21 13:42:38 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/21 12:02:37 | 000,016,820 | -HS- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\462siw7cfe
[2011/05/21 12:02:37 | 000,016,820 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/20 23:24:22 | 000,016,913 | ---- | C] () -- C:\Documents and Settings\XPMCE\.recently-used.xbel
[2011/05/17 11:44:54 | 000,015,722 | -HS- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\q627c3m4061358n50t62
[2011/05/17 11:44:54 | 000,015,722 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q627c3m4061358n50t62
[2011/05/08 11:23:37 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/08 10:41:23 | 000,002,210 | -HS- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/05/08 10:41:23 | 000,002,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/04/26 17:35:34 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/16 01:18:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/12/06 21:38:24 | 000,193,167 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/12/06 21:38:24 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010/10/11 20:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/07/31 16:14:33 | 000,000,089 | ---- | C] () -- C:\WINDOWS\bsm.ini
[2010/03/23 19:26:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/06 14:21:55 | 000,017,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 18:11:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/16 13:54:08 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 10:53:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\fusioncache.dat
[2010/01/16 00:19:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/15 23:42:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/01/15 23:40:39 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/15 21:56:21 | 000,004,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/15 21:56:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/15 21:56:09 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/15 21:36:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 21:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/15 21:19:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/15 21:18:05 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/24 11:15:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/24 11:15:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/01/24 11:15:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/24 11:15:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/24 11:15:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/24 11:15:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/24 11:15:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/24 11:15:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/01/24 11:15:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/01/24 11:15:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/10 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/11 20:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/15 03:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010/12/20 15:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hssff
[2010/01/16 12:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/01/03 16:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/03 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/16 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/30 14:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\Amazon
[2010/08/07 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/15 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\Digiarty
[2011/05/21 12:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\ElevatedDiagnostics
[2011/05/20 23:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\gtk-2.0
[2010/01/16 12:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\MSNInstaller
[2010/01/16 00:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\OpenOffice.org
[2011/01/03 16:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\TomTom

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/05/21 12:54:22 | 006,776,168 | ---- | M] (Microsoft Corporation) -- C:\WindowsUpdateAgent30-x86.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< >

< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OTL will only produce the extra for the first run. On completion of this can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\XPMCE\Local Settings\Application Data\462siw7cfe
    C:\Documents and Settings\All Users\Application Data\462siw7cfe
    C:\Documents and Settings\XPMCE\Local Settings\Application Data\q627c3m4061358n50t62
    C:\Documents and Settings\All Users\Application Data\q627c3m4061358n50t62
    C:\Documents and Settings\XPMCE\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
    C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#6
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
OTL log:

OTL logfile created on: 22/05/2011 10:33:07 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\XPMCE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.13 Gb Free Space | 24.35% Space Free | Partition Type: NTFS
Drive E: | 45.23 Gb Total Space | 45.11 Gb Free Space | 99.73% Space Free | Partition Type: NTFS
Drive X: | 902.22 Gb Total Space | 393.41 Gb Free Space | 43.60% Space Free | Partition Type: NTFS

Computer Name: MCE | User Name: XPMCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/04 18:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/02 12:05:00 | 000,131,584 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw99bda.sys -- (HCW99BDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/03/17 18:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 15:04:16 | 000,099,584 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}:2.6.20091103
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/06 21:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 11:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 11:23:34 | 000,000,000 | ---D | M]

[2011/01/03 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Extensions
[2011/01/03 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Extensions\[email protected]
[2011/05/21 21:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions
[2011/05/01 22:51:21 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/04/27 17:58:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 22:51:20 | 000,000,000 | ---D | M] (FireGestures) -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\extensions\[email protected]
[2010/01/16 20:55:31 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\dictionary.xml
[2010/01/16 20:53:21 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\imdb.xml
[2010/01/24 11:36:11 | 000,002,212 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\lyrics-search.xml
[2010/01/16 20:52:13 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Mozilla\Firefox\Profiles\j5j79q4i.default\searchplugins\snappy-words.xml
[2011/05/21 20:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/23 18:58:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/27 17:56:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/07 00:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/21 20:36:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/21 20:36:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/21 20:36:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/22 10:26:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263590890373 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.14.0.9 64.127.100.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/15 21:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{22c1abff-174b-11e0-b82f-001731cb1bea}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{5e6dca3c-484a-11df-b74c-001731cb1bea}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell - "" = AutoRun
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{856889ee-95dc-11df-b79d-001731cb1bea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell - "" = AutoRun
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e87a1206-0d84-11df-b70c-001731cb1bea}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 10:26:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/21 21:06:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/21 21:06:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/21 21:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\Windows Desktop Search
[2011/05/21 20:58:44 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/21 20:58:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/21 20:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/21 20:58:43 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/21 20:58:43 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/21 20:58:43 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/21 20:58:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/21 20:58:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/21 20:58:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/21 20:58:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/21 20:58:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/21 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/21 20:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/21 20:50:13 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\XPMCE\Desktop\aswclear.exe
[2011/05/21 20:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\vlc
[2011/05/21 20:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/21 20:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/05/21 20:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/05/21 20:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/05/21 20:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/21 20:18:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/21 20:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/21 19:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\older
[2011/05/21 13:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\SUPERAntiSpyware.com
[2011/05/21 13:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/21 13:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/21 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/21 13:42:13 | 011,205,608 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\XPMCE\Desktop\SUPERAntiSpyware.exe
[2011/05/21 13:12:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
[2011/05/21 12:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/21 12:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Application Data\ElevatedDiagnostics
[2011/05/21 12:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/05/21 12:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/05/14 23:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\wft lab
[2011/05/14 23:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\lab and puffins
[2011/05/05 20:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPMCE\Desktop\Kirstene

========== Files - Modified Within 30 Days ==========

[2011/05/22 10:30:13 | 000,193,460 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/22 10:28:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 10:26:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/21 21:07:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/21 21:06:15 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/21 21:06:11 | 000,502,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/21 21:06:11 | 000,086,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/21 21:03:39 | 000,013,666 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 20:58:44 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/21 20:58:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/21 20:50:14 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\XPMCE\Desktop\aswclear.exe
[2011/05/21 20:46:58 | 056,923,744 | ---- | M] () -- C:\Documents and Settings\XPMCE\Desktop\setup_av_free.exe
[2011/05/21 20:42:46 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/21 17:50:27 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 13:42:38 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/21 13:42:13 | 011,205,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\XPMCE\Desktop\SUPERAntiSpyware.exe
[2011/05/21 13:23:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/21 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPMCE\Desktop\OTL.exe
[2011/05/21 12:05:44 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/05/20 23:24:22 | 000,016,913 | ---- | M] () -- C:\Documents and Settings\XPMCE\.recently-used.xbel
[2011/05/17 11:56:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/16 22:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 11:23:37 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\XPMCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 11:23:37 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/05/21 21:06:15 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/05/21 21:06:15 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/21 21:05:36 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/21 20:58:44 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/21 20:46:56 | 056,923,744 | ---- | C] () -- C:\Documents and Settings\XPMCE\Desktop\setup_av_free.exe
[2011/05/21 20:42:46 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/21 20:38:50 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/05/21 13:42:38 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/20 23:24:22 | 000,016,913 | ---- | C] () -- C:\Documents and Settings\XPMCE\.recently-used.xbel
[2011/05/08 11:23:37 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/02/16 01:18:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/12/06 21:38:24 | 000,193,167 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/12/06 21:38:24 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010/10/11 20:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/07/31 16:14:33 | 000,000,089 | ---- | C] () -- C:\WINDOWS\bsm.ini
[2010/03/23 19:26:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/06 14:21:55 | 000,017,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 18:11:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/16 13:54:08 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 10:53:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\XPMCE\Local Settings\Application Data\fusioncache.dat
[2010/01/16 00:19:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/15 23:42:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/01/15 23:40:39 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/15 21:56:21 | 000,004,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/15 21:56:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/15 21:56:09 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/15 21:36:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 21:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/15 21:19:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/15 21:18:05 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/01/24 11:15:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/24 11:15:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/01/24 11:15:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/24 11:15:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/24 11:15:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/24 11:15:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/24 11:15:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/24 11:15:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/01/24 11:15:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/01/24 11:15:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/10 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:00:00 | 000,502,150 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:00:00 | 000,086,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/11 20:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/21 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/06/15 03:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010/01/16 12:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/01/03 16:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/03 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/16 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/30 14:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\Amazon
[2010/08/07 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/15 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\Digiarty
[2011/05/21 12:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\ElevatedDiagnostics
[2011/05/20 23:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\gtk-2.0
[2010/01/16 12:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\MSNInstaller
[2010/01/16 00:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\OpenOffice.org
[2011/01/03 16:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\TomTom
[2011/05/21 21:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPMCE\Application Data\Windows Desktop Search

========== Purity Check ==========



< End of report >


MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6639

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/05/2011 10:45:10
mbam-log-2011-05-22 (10-45-10).txt

Scan type: Quick scan
Objects scanned: 145746
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------

NOTE: Last night I believe my partner removed Hotpot Shield and Java and Adobe reader.
He then installed the latest Java and Cute PDF as replacements.
I hope these changes won't hinder you too much.

Everything seems to be running fine now and the automatic updates are back and have remained on. :unsure:

Can I ask - we are only using the Windows Firewall and I was wondering if we should look to get a better Firewall - since I assume that is how this trogan got in. (Actually if you have time could you let me know HOW the XP Security bug gets in in the first place? (or a link to somewhere which tells me) Is there a Firewall you might recommend which would work alongside Avast?

Also - thanks so much for your time and patience. :)
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Can I ask - we are only using the Windows Firewall and I was wondering if we should look to get a better Firewall - since I assume that is how this trogan got in. (Actually if you have time could you let me know HOW the XP Security bug gets in in the first place? (or a link to somewhere which tells me) Is there a Firewall you might recommend which would work alongside Avast?

Ok first the firewall - this one is compatible with Avast - PCTools free firewall

As for how you got it - well there are plenty of variations on a theme for this, legitimate websites are hacked, although Avast is very hot in this area. A popup appears on a web page and you either click no or close by using the X, however, the way the popup is designed all of these actions would be the same as pressing run. So if you get them then close IE or Firefox via task manager and you should be OK. Additionally they can be attached to torrents or P2P files if you use them

Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#8
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thanks so much.

I believe the initial infection was exactly as you described - I clicked to close an advert (I know better than to do this but it was an almost automatic reaction!) and the bug must have got past the Windows Firewall - it actually closed Forefox itself and wouldn't allow it to be re-opened! I guess it somehow deleted the automatic updates files as well allowing a way to get back in!? I am a bit concerned concerned AVAST missed it. :unsure:

Thanks for the Firewall recommendation. I am off to download.

I double checked and we have the latest Java installed so that's all good.

And I'll go run all the recommended scans to "clean up".

We already run Malware regularly - it's an excellent program and Avast is regularly updated!! :) Hopefully with a new Firewall I can stay clean!

Thanks so much again for all your help.
  • 0

#9
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Gah - just in the middle of doing all the scans / installing new Firewall and I went to watch TV (we run MCE) ... the Media Centre no longer works.
I can run the software and it starts up but but it won't run "live tv" or "guide" or "recorded tv". It just becomes non responsive and I have to ctl/alt/dlt to close..

:-/

Any ideas?

Should I start a new topic in the software area ... ??
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets try to reset the media centre

start a cmd window by

*clicking on start, run, type the letters "cmd" press enter

once you have the black box with the prompt >_

paste or enter this

%windir%\ehome\medctrro.exe /o /p RunOnce

This may take a while as all files and entries are reset

Reboot then try media centre
  • 0

Advertisements


#11
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I ran the CMD suggested and it pretty much just hesitated a few seconds and then the same prompt line came up and a flashing cursor ready to type something else.

Un-sure if anything had happened I re-booted anyway and ran Media Centre.

Upon trying to open the guide, rather than just crashing, this time I got a range of messages:
1. MCE said: "Critial Madia Centre Process has unexpectedly failed. If problem persist restart and try again or contact tech support".
I closed that and then:
2. "Some of the files needed to play radio or video are missing or corrupt. Try restart!"

Then a pop up window came:
ehshell.exe common language debug service. Aplication has generated an expction that could not be handled.
Process id=0xddc (3548), thread id=0xde0 (355c)

It then asked whether to terminate and generated a crash report which for some reason didn't send. I have no print screen key on this daft keyboard so I took a photo of the crash report (attached).

The following came up when I clicked view technical information:
C:\Documents and Settings\XPMCE\Local Settings\Application Data\microsoft\ehome\ehshell.crash
C:\WINDOWS\medctroc.log
C:\Documents and Settings\XPMCE\Local Settings\Application Data\microsoft\ehome\BlackScreen.log

-------

FYI - I did a full Windows Update installation today following all the fixes etc and I did notice some random shell names files downloading ... might these be to blame? :-/

Sorry for the continued hastle and thanks so much for the ongoing technical support! You are a star!

Attached Thumbnails

  • DSC02990.JPG

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go to windows updates and see if there is a dotnet framework for you to download, as that is the common cause of this error - meanwhile I will look at the more esoteric ones :)
  • 0

#13
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
One of the download earlier was dotnet framework.

Right now there are two un-critical:

1 (software) - Update for Root Certificates [March 2011] (KB931125)

2(hardware) nVidia - Display, Other hardware - NVIDIA GeForce 6150

---

I am about to go download and install both and check if MCE starts working.

Thanks.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have also found out that a corrupt dotnet framework 1 can also cause this error - so we are narrowing it down.

Did the problem occur after the first dotnet update ?
  • 0

#15
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Eeek, to be honest I am not sure.

Live TV was certainly working fine last night AND the recorded TV listing was definitely available to view. In fact, the media centre was recording because I remember it asking me if it was okay to stop when I did a reboot.

So it must have been working okay until today. Today I have followed all the protocols you detailed AND installed a few microsoft updates. Let me know if you want me to check exactly what was installed and I'll check the list/dates).

......

Ok, since my last entry I installed the two updates I detailed in the previous entry and MCE still didn't give a critical error this time and did not crash - instead it just said "Some of the files needed to play radio or video are missing or corrupt." and I closed the software without having to ctl/alt/del. It also allowed me into "recorded tv" but said no files are listed (yet all the files are actually still on the pc.

......

(Not sure if this is relevant but the actual tv files for our media centre at on a different hard drive. Could it be that the pathways set up in MCE have been altered somehow with all the things we're done to "fix" the bug problem?? )
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP