TR/ATRAPS. Gen2 Virus [Solved]



#1
Steviep

Hi,

I have recently had the above virus picked up from a site I regularly visit, and this is what has been posted on their site: "For those curious to know, someone gained access to our template system and managed to insert their code. We had to dig through and find all instances of their code and remove it from our templates in addition to performing some security work to prevent future access. Hopefully no issues from here on out"

I have removed items using Malware and also tdsskiller; however, since the infection I have been unable to access the internet from my laptop - it continually says Acquiring network address.

Would anyone be able to assist to help me ensure that I have removed the virus completely and secondly help with my internet problem?

Many thanks in advance

Attached files: OTL.Txt (71.24KB), Extras.Txt (51.69KB)

OTL logfile created on: 30/12/2011 18:40:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gillian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.45 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 81.74% Memory free
5.29 Gb Paging File | 4.76 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 119.99 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.42% Space Free | Partition Type: FAT32

Computer Name: E6400 | User Name: Gillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/11 15:52:52 | 000,445,552 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/02 21:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/02/02 21:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/11 15:52:56 | 000,346,224 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madExcept_.bpl
MOD - [2009/12/11 15:52:56 | 000,180,848 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madBasic_.bpl
MOD - [2009/12/11 15:52:56 | 000,048,240 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl
MOD - [2009/12/11 15:52:52 | 000,253,552 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/09 13:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 18:18:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 16:00:10 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/02 21:47:32 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/22 13:40:46 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:6.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/28 08:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Gillian\Application Data\IDM\idmmzcc3

[2010/01/18 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Extensions
[2011/02/25 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions
[2011/03/25 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions\[email protected]
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GILLIAN\APPLICATION DATA\IDM\IDMMZCC3
[2011/10/27 17:41:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 21:09:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/02/25 20:51:43 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/05/14 17:51:55 | 000,434,416 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 14950 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...ns/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsaren...ins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263935527859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://cards.hallmar...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BDDADA8-A4CB-4B1E-8758-F57923403A51}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 20:56:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell - "" = AutoRun
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/30 18:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 18:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\broadcom_v5.100.57.8
[2011/12/26 19:15:42 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/23 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\PCHealth
[2011/12/23 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/23 16:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/23 14:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\885799d3
[2011/12/17 13:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\photo frame
[2011/12/07 16:55:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gillian\Recent
[2011/11/30 19:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\rays for printing
[2011/11/30 19:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\rays photos
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 18:18:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 18:18:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 18:13:44 | 000,508,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 18:13:44 | 000,109,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 18:09:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 18:09:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/30 18:09:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:55:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
[2011/12/27 18:49:38 | 083,010,992 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 20:09:04 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 17:31:16 | 000,331,075 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 17:30:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/21 00:17:52 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Gillian\default.pls
[2011/12/20 23:38:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/18 00:17:43 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:19:38 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:10:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 18:05:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/12/27 19:09:33 | 083,010,992 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 19:20:54 | 000,331,075 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/14 15:06:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/30 00:37:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 15:51:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2011/02/12 12:27:27 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_audio.Cache
[2011/02/12 12:27:27 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_image32.Cache
[2011/01/25 17:03:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2011/01/16 15:44:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/16 15:44:34 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/16 15:44:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/07 19:11:40 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/01/07 19:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/07 19:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/07 19:11:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 19:11:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/07 19:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/12 20:54:26 | 000,086,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 19:08:49 | 001,401,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 20:58:40 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/24 19:50:20 | 000,164,002 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2010/02/24 19:50:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2010/02/11 21:28:08 | 000,037,897 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\Comma Separated Values (Windows).ADR
[2010/01/29 19:45:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/29 19:45:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\$_hpcst$.hpc
[2010/01/23 15:58:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/22 20:33:22 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 20:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/19 20:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 22:29:41 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/01/18 22:29:40 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/01/18 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/18 21:06:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/18 21:06:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/18 20:58:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:53:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:48:53 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/14 14:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 14:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 14:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 14:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 14:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/14 13:55:20 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXIta.dll
[2008/10/14 13:54:52 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXFra.dll
[2008/10/14 13:54:22 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEsp.dll
[2008/10/14 13:53:48 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEng.dll
[2008/10/14 13:53:18 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXDeu.dll
[2008/08/01 09:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,508,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,109,176 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/18 15:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL

========== LOP Check ==========

[2011/10/15 22:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/01/29 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/08/07 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2010/12/27 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2011/10/15 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2011/02/25 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/16 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/23 17:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/25 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/07 21:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/19 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Auslogics
[2011/05/28 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/25 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\CopyTransPhoto
[2011/06/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\DMCache
[2011/08/06 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\ElevatedDiagnostics
[2010/01/19 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Foxit
[2010/01/29 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\PC Suite
[2010/08/07 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\proDAD
[2011/02/25 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ringtone
[2010/01/29 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Samsung
[2011/10/15 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ulead Systems
[2011/09/04 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\uTorrent
[2010/09/18 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\vShare
[2010/02/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Desktop Search
[2010/02/28 11:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Search
[2010/02/25 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\WindSolutions
[2010/02/25 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Zoner
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/29 18:55:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C232DFB

< End of report >

Edited by Essexboy, 30 December 2011 - 03:11 PM.

  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a look at the internet first

Download and run Farbar Service Scanner

Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi,

Thanks for your help, here is the log

Farbar Service Scanner
Ran by Gillian (administrator) on 30-12-2011 at 22:04:00
Microsoft Windows XP Professional Service Pack 3 (X86)
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000

Attached Files

  • Attached File  FSS.txt   1.77KB   102 downloads

Edited by Steviep, 30 December 2011 - 04:10 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.

This is the problem

I will need to find a registry fix for this relevant to your system. Bear with me please.
  • 0
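The reading of the Farbar Service Scanner log above can be automated. The following is an added example, not part of the original thread or of the FSS tool: it parses an excerpt of the log posted in this topic and reports, per stopped service, whether the registry key, the driver file, or both need restoring. Matching a missing file to a service by its file name (netbt.sys to NetBt) is an assumption made for this example.

```python
import ntpath
import re

# Excerpt of the FSS.txt log posted earlier in this thread (trimmed).
FSS_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
KEY_MISSING = re.compile(r"Attention! Unable to open (\w+) registry key")
FILE_MISSING = re.compile(r"^Attention! (.+) is missing\.$")
FILE_LEGIT = re.compile(r"^(.+) => MD5 is legit$")


def parse_fss(text):
    """Collect stopped services, missing service keys and file-check results."""
    stopped, key_missing, missing_files, legit_files = [], set(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            if m.group(1) not in stopped:
                stopped.append(m.group(1))
        elif m := KEY_MISSING.search(line):
            # Reported once per checked value (Start type, ImagePath); a set dedupes.
            key_missing.add(m.group(1))
        elif m := FILE_MISSING.match(line):
            missing_files.append(m.group(1))
        elif m := FILE_LEGIT.match(line):
            legit_files.append(m.group(1))
    return {
        "stopped": stopped,
        "key_missing": key_missing,
        "missing_files": missing_files,
        "legit_files": legit_files,
    }


def triage(findings):
    """Map each stopped service to what has to be restored before it can start."""
    # Assumption for this example: a driver file belongs to the service whose
    # name equals the file name without its extension (netbt.sys -> NetBt).
    missing_stems = {
        ntpath.splitext(ntpath.basename(path))[0].lower()
        for path in findings["missing_files"]
    }
    verdicts = {}
    for service in findings["stopped"]:
        no_key = service in findings["key_missing"]
        no_file = service.lower() in missing_stems
        if no_key and no_file:
            verdicts[service] = "restore registry key and driver file"
        elif no_key:
            verdicts[service] = "restore registry key"
        elif no_file:
            verdicts[service] = "restore driver file"
        else:
            verdicts[service] = "configuration intact"
    return verdicts


if __name__ == "__main__":
    for service, verdict in triage(parse_fss(FSS_LOG)).items():
        print(f"{service}: {verdict}")
```
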

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have the reg fix

But first we must locate a fresh file to replace the missing one

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    netbt.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, there will be just one log.
  • Post the log


The registry data:

Download the netbt.zip file to your desktop
Extract Netbt.reg to the desktop
Right click and select merge

The registry entries are now added - now we just need to get the file in the right place
  • 0

#6
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
OTL logfile created on: 30/12/2011 23:21:26 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gillian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.45 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 82.29% Memory free
5.29 Gb Paging File | 4.87 Gb Available in Paging File | 91.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 120.36 Gb Free Space | 51.69% Space Free | Partition Type: NTFS

Computer Name: E6400 | User Name: Gillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/11 15:52:52 | 000,445,552 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/02 21:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/02/02 21:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/11 15:52:56 | 000,346,224 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madExcept_.bpl
MOD - [2009/12/11 15:52:56 | 000,180,848 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madBasic_.bpl
MOD - [2009/12/11 15:52:56 | 000,048,240 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl
MOD - [2009/12/11 15:52:52 | 000,253,552 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/09 13:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)


========== Driver Services (SafeList) ==========

DRV - [2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 16:00:10 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/02 21:47:32 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/22 13:40:46 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:6.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/28 08:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Gillian\Application Data\IDM\idmmzcc3

[2010/01/18 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Extensions
[2011/02/25 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions
[2011/03/25 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions\[email protected]
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GILLIAN\APPLICATION DATA\IDM\IDMMZCC3
[2011/10/27 17:41:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 21:09:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/02/25 20:51:43 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/05/14 17:51:55 | 000,434,416 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 14950 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1788223648-2147195623-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...ns/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsaren...ins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263935527859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://cards.hallmar...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BDDADA8-A4CB-4B1E-8758-F57923403A51}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 20:56:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell - "" = AutoRun
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/30 18:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\broadcom_v5.100.57.8
[2011/12/26 19:15:42 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/23 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\PCHealth
[2011/12/23 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/23 16:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/23 14:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\885799d3
[2011/12/17 13:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\photo frame
[2011/12/07 16:55:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gillian\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/30 23:18:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 23:09:28 | 000,002,651 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 22:38:32 | 000,022,392 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 21:31:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
[2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 18:13:44 | 000,508,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 18:13:44 | 000,109,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 18:09:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 18:09:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/30 18:09:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 18:49:38 | 083,010,992 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 20:09:04 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 17:31:16 | 000,331,075 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 17:30:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/21 00:17:52 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Gillian\default.pls
[2011/12/20 23:38:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/18 00:17:43 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:19:38 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:10:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 23:13:56 | 000,022,392 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 23:13:16 | 000,002,651 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 18:05:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/12/27 19:09:33 | 083,010,992 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 19:20:54 | 000,331,075 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/14 15:06:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/30 00:37:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 15:51:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2011/02/12 12:27:27 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_audio.Cache
[2011/02/12 12:27:27 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_image32.Cache
[2011/01/25 17:03:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2011/01/16 15:44:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/16 15:44:34 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/16 15:44:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/07 19:11:40 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/01/07 19:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/07 19:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/07 19:11:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 19:11:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/07 19:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/12 20:54:26 | 000,086,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 19:08:49 | 001,401,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 20:58:40 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/24 19:50:20 | 000,164,002 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2010/02/24 19:50:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2010/02/11 21:28:08 | 000,037,897 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\Comma Separated Values (Windows).ADR
[2010/01/29 19:45:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/29 19:45:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\$_hpcst$.hpc
[2010/01/23 15:58:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/22 20:33:22 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 20:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/19 20:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 22:29:41 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/01/18 22:29:40 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/01/18 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/18 21:06:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/18 21:06:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/18 20:58:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:53:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:48:53 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/14 14:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 14:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 14:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 14:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 14:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/14 13:55:20 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXIta.dll
[2008/10/14 13:54:52 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXFra.dll
[2008/10/14 13:54:22 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEsp.dll
[2008/10/14 13:53:48 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEng.dll
[2008/10/14 13:53:18 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXDeu.dll
[2008/08/01 09:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,508,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,109,176 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/18 15:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL

========== LOP Check ==========

[2011/10/15 22:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/01/29 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/08/07 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2010/12/27 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2011/10/15 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2011/02/25 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/16 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/23 17:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/25 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/07 21:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/19 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Auslogics
[2011/05/28 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/25 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\CopyTransPhoto
[2011/06/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\DMCache
[2011/08/06 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\ElevatedDiagnostics
[2010/01/19 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Foxit
[2010/01/29 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\PC Suite
[2010/08/07 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\proDAD
[2011/02/25 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ringtone
[2010/01/29 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Samsung
[2011/10/15 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ulead Systems
[2011/09/04 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\uTorrent
[2010/09/18 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\vShare
[2010/02/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Desktop Search
[2010/02/28 11:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Search
[2010/02/25 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\WindSolutions
[2010/02/25 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Zoner
[2011/01/25 18:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\vShare
[2011/01/25 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Windows Desktop Search
[2011/12/30 18:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/30 21:31:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: NETBT.REG >
[2011/12/30 22:38:32 | 000,022,392 | ---- | M] () MD5=DF75B5E1776275B46893F1E21C69D841 -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg

< MD5 for: NETBT.SYS >
[2008/04/13 23:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys

< MD5 for: NETBT.ZIP >
[2011/12/30 23:09:28 | 000,002,651 | ---- | M] () MD5=62EF03A5F98A15E77E70C8D5BA88F14B -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C232DFB

< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run this OTL fix, followed by the reg file merge (if not already done)
Reboot

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/03/25 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions\[email protected]
    [2011/02/25 20:51:43 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/12/23 14:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\885799d3

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\system32\Drivers\netbt.sys|C:\WINDOWS\system32\dllcache\netbt.sys /replace

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

From the sick computer :)

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
Steviep

    Member

  • Topic Starter
  • 338 posts
Hi, My anti virus seems to have stopped the process and the bottom of the OTL window says "Resetting HOSTS file. DO NOT INTERRUPT..."

Should I try to close OTL and disable the anti virus?

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just stop OTL and reboot; the stopped area is the last bit and of no import.

How is the computer behaving now? Can you access the net?

#10
Steviep

    Member

  • Topic Starter
  • 338 posts
Hi,

Still stuck at acquiring address, here is the latest OTL log and thanks again for your assistance.

OTL logfile created on: 31/12/2011 13:21:09 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gillian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.45 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 84.96% Memory free
5.29 Gb Paging File | 4.95 Gb Available in Paging File | 93.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 120.35 Gb Free Space | 51.69% Space Free | Partition Type: NTFS

Computer Name: E6400 | User Name: Gillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/11 15:52:52 | 000,445,552 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/02 21:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/02/02 21:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/12/11 15:52:56 | 000,346,224 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madExcept_.bpl
MOD - [2009/12/11 15:52:56 | 000,180,848 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madBasic_.bpl
MOD - [2009/12/11 15:52:56 | 000,048,240 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl
MOD - [2009/12/11 15:52:52 | 000,253,552 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/09 13:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)


========== Driver Services (SafeList) ==========

DRV - [2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 16:00:10 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/02 21:47:32 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/22 13:40:46 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:6.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/28 08:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Gillian\Application Data\IDM\idmmzcc3

[2010/01/18 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Extensions
[2011/12/31 12:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GILLIAN\APPLICATION DATA\IDM\IDMMZCC3
[2011/10/27 17:41:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 21:09:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...ns/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsaren...ins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263935527859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://cards.hallmar...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BDDADA8-A4CB-4B1E-8758-F57923403A51}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 20:56:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell - "" = AutoRun
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{113880f3-cdb0-11e0-a520-0ceee6e138cf}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/31 12:33:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 18:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\broadcom_v5.100.57.8
[2011/12/26 19:15:42 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/23 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\PCHealth
[2011/12/23 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/23 16:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/17 13:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\photo frame
[2011/12/07 16:55:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gillian\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/31 13:24:27 | 000,511,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/31 13:24:27 | 000,111,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/31 13:20:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/31 13:19:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 13:19:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/31 13:19:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 13:18:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 23:09:28 | 000,002,651 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 22:38:32 | 000,022,392 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 21:31:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
[2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/27 18:49:38 | 083,010,992 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 20:09:04 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 17:31:16 | 000,331,075 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 17:30:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/21 00:17:52 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Gillian\default.pls
[2011/12/20 23:38:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/18 00:17:43 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:19:38 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:10:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 23:13:56 | 000,022,392 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 23:13:16 | 000,002,651 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 18:05:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/12/27 19:09:33 | 083,010,992 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 19:20:54 | 000,331,075 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/14 15:06:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/30 00:37:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 15:51:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2011/02/12 12:27:27 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_audio.Cache
[2011/02/12 12:27:27 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_image32.Cache
[2011/01/25 17:03:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2011/01/16 15:44:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/16 15:44:34 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/16 15:44:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/07 19:11:40 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/01/07 19:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/07 19:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/07 19:11:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 19:11:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/07 19:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/12 20:54:26 | 000,086,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 19:08:49 | 001,401,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 20:58:40 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/24 19:50:20 | 000,164,002 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2010/02/24 19:50:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2010/02/11 21:28:08 | 000,037,897 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\Comma Separated Values (Windows).ADR
[2010/01/29 19:45:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/29 19:45:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\$_hpcst$.hpc
[2010/01/23 15:58:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/22 20:33:22 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 20:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/19 20:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 22:29:41 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/01/18 22:29:40 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/01/18 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/18 21:06:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/18 21:06:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/18 20:58:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:53:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:48:53 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/14 14:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 14:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 14:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 14:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 14:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/14 13:55:20 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXIta.dll
[2008/10/14 13:54:52 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXFra.dll
[2008/10/14 13:54:22 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEsp.dll
[2008/10/14 13:53:48 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEng.dll
[2008/10/14 13:53:18 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXDeu.dll
[2008/08/01 09:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,511,368 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,111,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/18 15:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL

========== LOP Check ==========

[2011/10/15 22:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/01/29 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/08/07 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2010/12/27 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2011/10/15 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2011/02/25 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/16 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/23 17:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/25 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/07 21:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/19 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Auslogics
[2011/05/28 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/25 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\CopyTransPhoto
[2011/06/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\DMCache
[2011/08/06 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\ElevatedDiagnostics
[2010/01/19 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Foxit
[2010/01/29 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\PC Suite
[2010/08/07 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\proDAD
[2011/02/25 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ringtone
[2010/01/29 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Samsung
[2011/10/15 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ulead Systems
[2011/09/04 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\uTorrent
[2010/09/18 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\vShare
[2010/02/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Desktop Search
[2010/02/28 11:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Search
[2010/02/25 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\WindSolutions
[2010/02/25 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Zoner
[2011/12/31 13:19:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2011/12/30 21:31:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C232DFB

< End of report >

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next we will reset the IP data.

From the command prompt type the following, pressing Enter after each line:

ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh winsock reset


Then

If still no network, download and run winsockXp

#12
Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi, followed the instructions and still stuck at acquiring network address. When I ran winsock my anti-virus came up with a warning at the end which said "HOST FILE BLOCKED FOR YOUR SECURITY ACCESS TO THE HOSTS FILE HAS BEEN BLOCKED"
:confused:

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you disable Avira please and try again?

#14
Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi, tried it again and still the same

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run Farbar again please and let me see the new log?