Suspected malware [Closed]


  • This topic is locked This topic is locked

#1 doug62
New Member, 1 post
I have had some malware problems. Generally my ergo ensis 211 laptop is running slowly and has a recurring fullscreen video popup. I have gone through the preliminary steps on this site but the machine is still running slowly; I haven't seen the popup again yet but want to be sure the machine is clean. Can you help? Here is my OTL log:

---------------------------------------------------------------------------------------------------------------
OTL logfile created on: 10/06/2010 19:09:45 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Douglas Bramley\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 29.60 Gb Free Space | 39.74% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ENSIS211DOB
Current User Name: Douglas Bramley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/09 18:00:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Douglas Bramley\My Documents\Downloads\OTL.exe
PRC - [2010/06/08 21:38:56 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/05 11:50:14 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/05 11:50:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/05 11:50:10 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/05 11:50:06 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/05 11:50:02 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/05 11:50:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/04 12:37:08 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/06/04 12:37:06 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/04 12:36:54 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/04 12:36:54 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/10/23 01:55:24 | 000,095,232 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2008/04/14 05:42:32 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/06 08:21:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\GS30s.exe
PRC - [2007/05/12 16:31:48 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/21 15:54:22 | 000,544,768 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006/02/23 05:40:40 | 000,106,496 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/02/21 08:25:58 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
PRC - [2002/07/30 11:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/07/30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/07/30 11:35:04 | 000,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 18:00:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Douglas Bramley\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/05 11:50:06 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/04 12:37:06 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/04 12:36:54 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/09/18 13:02:18 | 000,294,912 | ---- | M] (OPSWAT, Inc.) [On_Demand | Stopped] -- C:\Program Files\OPSWAT\VPNGuard\VPNGuardService.exe -- (VPNGuardService)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/09/06 08:21:46 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\GS30s.exe -- (GS30s)
SRV - [2007/02/07 01:39:26 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2002/07/30 11:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/07/30 11:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2010/06/05 11:50:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/05 11:50:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/04 12:39:00 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/06/04 12:39:00 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/04 12:38:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/04 12:36:56 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/04 12:36:56 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/04 12:36:56 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/04 12:36:22 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/06/04 12:36:22 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/06/04 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100604.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/04 09:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100604.006\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/27 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/12/11 14:46:42 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/09/06 08:21:46 | 000,069,792 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GS30d.sys -- (GS30d)
DRV - [2007/08/28 05:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/09/20 17:43:10 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/21 16:04:24 | 000,889,472 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/11 14:03:00 | 000,189,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/06/19 20:57:14 | 000,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 20:57:12 | 000,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/04 12:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 23:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/12/20 01:38:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/12/20 01:38:54 | 000,000,000 | ---D | M]

[2009/05/11 21:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Mozilla\Extensions
[2006/12/20 01:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Mozilla\Firefox\Profiles\v5mgjsv4.default\extensions
[2010/06/04 14:03:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Douglas Bramley\Application Data\Mozilla\Firefox\Profiles\v5mgjsv4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/14 00:05:38 | 000,010,899 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Application Data\Mozilla\Firefox\Profiles\v5mgjsv4.default\searchplugins\bing.xml
[2006/12/20 01:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 21:39:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/08 21:39:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/08 21:39:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/08 21:39:04 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Oxford.lnk = C:\COMPLEX\OXFORD.EXE (AND Software B.V.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPNGuardUI.lnk = C:\Program Files\opswat\VPNGuard\VPNGuardUI.exe ()
O4 - Startup: C:\Documents and Settings\Douglas Bramley\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\Douglas Bramley\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159957328390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip....er/igloader.CAB (igLoader Content on Demand)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Douglas Bramley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Douglas Bramley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/15 20:09:00 | 000,000,000 | ---D | M] - C:\Autorun -- [ FAT32 ]
O33 - MountPoints2\{bf5f7286-5c49-11dc-ac99-0018f32f7dbf}\Shell\AutoRun\command - "" = E:\GizmoSecure\Windows\GizmoSecure30.exe -- File not found
O33 - MountPoints2\{fcd38b86-b335-11dd-ad37-0018f32f7dbf}\Shell - "" = AutoRun
O33 - MountPoints2\{fcd38b86-b335-11dd-ad37-0018f32f7dbf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcd38b86-b335-11dd-ad37-0018f32f7dbf}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fcd38b87-b335-11dd-ad37-0018f32f7dbf}\Shell - "" = AutoRun
O33 - MountPoints2\{fcd38b87-b335-11dd-ad37-0018f32f7dbf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcd38b87-b335-11dd-ad37-0018f32f7dbf}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/13 15:40:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/10 16:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Bramley\Application Data\Malwarebytes
[2010/06/10 16:30:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/10 16:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/10 16:30:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/10 16:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 16:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/10 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/08 02:48:28 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/06/07 14:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Bramley\Application Data\AVG9
[2010/06/04 14:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/04 14:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Bramley\My Documents\Downloads
[2010/06/04 12:47:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/04 12:38:59 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/06/04 12:38:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/04 12:38:58 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/06/04 12:38:56 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/04 12:38:48 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/04 12:38:46 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/04 12:38:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/04 12:36:20 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/06/04 12:36:20 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/06/04 12:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/04 12:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/04 12:18:35 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Douglas Bramley\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/06/04 12:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/01 14:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[10 C:\Documents and Settings\Douglas Bramley\My Documents\*.tmp files -> C:\Documents and Settings\Douglas Bramley\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/10 19:11:44 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Douglas Bramley\ntuser.dat
[2010/06/10 19:11:30 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Word 2003.lnk
[2010/06/10 19:05:44 | 000,000,717 | ---- | M] () -- C:\WINDOWS\Oxford.ini
[2010/06/10 19:05:42 | 000,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/10 19:04:18 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/06/10 19:01:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/10 19:01:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/10 19:00:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/10 19:00:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 18:59:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Douglas Bramley\ntuser.ini
[2010/06/10 16:47:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Local Settings\Application Data\prvlcl.dat
[2010/06/10 16:33:30 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 16:20:24 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/10 16:06:42 | 060,896,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/10 15:58:06 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 23:59:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 23:49:42 | 000,506,430 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/09 23:49:42 | 000,444,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/09 23:49:42 | 000,072,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 22:13:44 | 000,000,578 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Douglas Bramley.job
[2010/06/09 17:58:52 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\geeks to go instructions.doc
[2010/06/09 17:58:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\~$eks to go instructions.doc
[2010/06/09 13:09:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/07 17:13:44 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\fringe-job-application-form-street-events.doc
[2010/06/05 11:50:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/05 11:50:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/05 11:46:02 | 000,594,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/06/04 14:13:34 | 000,002,004 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Desktop\HiJackThis.lnk
[2010/06/04 14:11:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/04 12:39:04 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/06/04 12:39:02 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/04 12:39:00 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/06/04 12:39:00 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/06/04 12:38:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/04 12:38:48 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/04 12:36:22 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/06/04 12:36:22 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/06/04 12:18:44 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Douglas Bramley\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/11 00:44:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/06 02:51:50 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\Dissertation proposal form2.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 02:24:30 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Desktop\iTunes.lnk
[2010/04/09 16:21:56 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\San Marco essay.doc
[2010/04/09 13:17:38 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 04:36:56 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\Wittgenstien essay.doc
[2010/03/20 02:07:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\philosophy of biology essay.doc
[2010/03/18 00:00:40 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Douglas Bramley\My Documents\phill bio essay.doc
[10 C:\Documents and Settings\Douglas Bramley\My Documents\*.tmp files -> C:\Documents and Settings\Douglas Bramley\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 16:30:24 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 16:20:22 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/09 17:58:50 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\~$eks to go instructions.doc
[2010/06/09 17:58:49 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\geeks to go instructions.doc
[2010/06/08 21:42:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\Local Settings\Application Data\prvlcl.dat
[2010/06/07 17:13:42 | 000,183,296 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\fringe-job-application-form-street-events.doc
[2010/06/04 14:13:32 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\Desktop\HiJackThis.lnk
[2010/06/04 12:39:02 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/06/04 12:38:46 | 000,594,556 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/06/04 12:38:46 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/04 12:38:39 | 060,896,297 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/11 00:44:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/06 02:51:49 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\Dissertation proposal form2.doc
[2010/04/09 16:21:54 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\San Marco essay.doc
[2010/03/27 22:22:49 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\Wittgenstien essay.doc
[2010/03/20 02:07:16 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\philosophy of biology essay.doc
[2010/03/18 00:00:38 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Douglas Bramley\My Documents\phill bio essay.doc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/10/09 20:23:04 | 000,002,074 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/06 08:21:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GizmoSecure30.INI
[2007/09/06 08:21:45 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\GizmoSecure30.dll
[2007/09/06 08:21:45 | 000,069,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\GS30d.sys
[2007/05/13 23:11:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2007/02/15 20:21:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/21 00:24:27 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/01/14 18:01:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/11/30 12:35:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/23 12:01:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\KeyScript.ini
[2006/09/26 16:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/09/26 15:41:23 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/20 18:21:15 | 000,000,717 | ---- | C] () -- C:\WINDOWS\Oxford.ini
[2006/09/20 18:21:13 | 000,211,285 | ---- | C] () -- C:\WINDOWS\XWI321.DLL
[2006/09/20 18:21:13 | 000,058,759 | ---- | C] () -- C:\WINDOWS\XWI321TE.DLL
[2006/09/20 17:45:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/20 17:08:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 09:38:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/14 08:23:02 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2006/04/12 19:17:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KESIMapiStub.dll
[2005/02/17 16:07:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/09/16 14:31:02 | 000,000,686 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/30 11:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/07/10 15:02:26 | 000,541,761 | ---- | C] () -- C:\WINDOWS\System32\Prdllw32.dll
[2000/07/10 15:01:10 | 000,243,425 | ---- | C] () -- C:\WINDOWS\System32\Pddllw32.dll
[1996/03/26 14:09:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\Pddllwnt.dll
[1995/08/23 13:45:58 | 000,002,016 | ---- | C] () -- C:\WINDOWS\Sg5w30.dll
[1995/08/23 13:45:54 | 000,214,899 | ---- | C] () -- C:\WINDOWS\Aplib2.dll
[1995/08/23 13:45:42 | 000,034,144 | ---- | C] () -- C:\WINDOWS\Aplib1.dll
[1995/08/23 13:45:40 | 000,006,784 | ---- | C] () -- C:\WINDOWS\Accupage.dll

========== LOP Check ==========

[2006/09/22 11:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KESI
[2006/09/26 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/09/26 16:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/22 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
[2010/06/04 12:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/09/22 12:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\KESI
[2006/09/26 16:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Nuance
[2006/10/04 11:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\EPSON
[2006/11/23 12:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Gael
[2007/01/06 01:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Azureus
[2007/12/28 19:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Leadertech
[2008/01/05 16:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\TSO
[2009/07/29 00:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\Spotify
[2009/08/22 17:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\ChessBase
[2009/10/23 01:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/06/07 14:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douglas Bramley\Application Data\AVG9

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/16 09:11:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/09/06 18:15:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/03/24 16:53:54 | 000,020,480 | ---- | M] (Ergo UK) -- C:\Reminder.exe
[2001/08/23 12:00:00 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\msvbvm60.dll
[2006/09/20 17:45:18 | 000,023,730 | -H-- | M] () -- C:\_NavCClt.Log
[2006/09/20 17:43:10 | 000,017,590 | ---- | M] () -- C:\PkgClnup.log
[2006/09/20 18:21:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/09/20 18:21:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/10 19:00:28 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/09/23 14:57:18 | 000,000,008 | ---- | M] () -- C:\test.txt
[2009/02/02 19:39:50 | 000,000,000 | ---- | M] () -- C:\report.txt
[2009/09/23 14:57:18 | 000,000,008 | ---- | M] () -- C:\testcrypted.txt
[2009/09/23 14:57:18 | 000,000,008 | ---- | M] () -- C:\testBack.txt
[2007/12/07 08:41:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/12/07 08:41:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/12/12 01:20:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/12/12 01:20:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/12/13 14:39:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/12/13 14:39:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/12/13 14:39:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/12/13 14:39:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/12/14 01:24:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/12/14 01:24:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/12/14 19:02:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/12/14 19:02:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/12/16 00:56:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/12/16 00:56:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/12/16 22:46:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/12/16 22:46:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/12/16 23:38:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/12/16 23:38:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/12/17 23:21:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/12/17 23:21:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/12/20 08:16:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/12/20 08:16:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/12/22 00:52:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/12/22 00:52:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/12/22 23:53:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/12/22 23:53:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/07/15 17:25:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/07/15 17:25:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/09/09 11:12:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/09/09 11:12:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/09/09 11:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/09/09 11:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/24 12:41:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/24 12:41:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/28 11:41:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/28 11:41:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2007/11/25 02:15:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2007/11/25 02:15:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2007/12/04 05:46:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/12/04 05:46:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 12:00:00 | 000,068,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmsystem.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/06/13 15:48:08 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/06/13 15:48:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/13 15:48:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< End of report >


OTL Extras logfile created on: 10/06/2010 19:09:45 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Douglas Bramley\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 29.60 Gb Free Space | 39.74% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ENSIS211DOB
Current User Name: Douglas Bramley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kurzweil Educational Systems\Kurzweil 3000\Kurzweil 3000.exe" = C:\Program Files\Kurzweil Educational Systems\Kurzweil 3000\Kurzweil 3000.exe:*:Enabled:Kurzweil 3000 -- (Kurzweil Educational Systems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus -- (Aelitis)
"C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Disabled:W40k -- (THQ Canada Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34DB8600-BF1C-40BB-A6EB-259A1B408568}" = English Language CD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{674FEFFB-E398-42A8-813B-AFEB43123854}" = OPSWAT VPNGuard
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = DSA Theory Test
"{7DDAA520-414B-4671-BE8A-12428ACF76A3}" = Conflict Vietnam
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820F4F44-9B10-4A5D-ACC5-4BC2EA3FFEEE}" = Kurzweil 3000 v.10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4789DF-F357-4056-B94B-7EF76E4B087C}" = MindGenius Education
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.0.6
"AVG9Uninstall" = AVG 9.0
"Azureus" = Azureus
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CampusNet" = CampusNet Uninstall
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Delta Force 2" = Delta Force 2
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"GameSpy Arcade" = GameSpy Arcade
"Generic ChkMail" = Generic ChkMail
"GizmoSecure" = Gizmo Secure 3.0
"Google Updater" = Google Updater
"Halo" = Microsoft Halo
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = DSA Theory Test
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirek's_Cellebration" = Mirek's Cellebration 4.20
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"Red Alert" = Red Alert Windows 95
"Red Alert 2" = Command & Conquer Red Alert 2
"Shockwave" = Shockwave
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sonic 3D" = Sonic 3D
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StirlingVPN" = StirlingVPN
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tiberian Sun" = Command & Conquer Tiberian Sun
"VLC media player" = VLC media player 0.9.9
"WChat" = Westwood Chat
"web'n'walk stick manager" = web'n'walk stick manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Worms Armageddon" = Worms Armageddon
"Worms2" = Worms2
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/04/2010 12:10:15 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module unknown, version 0.0.0.0, fault address 0x01846941.

Error - 01/05/2010 20:09:10 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 03/05/2010 16:09:20 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 03/05/2010 16:11:37 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 03/05/2010 17:33:18 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 05/05/2010 16:35:16 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 05/05/2010 17:29:33 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module unknown, version 0.0.0.0, fault address 0x018474f3.

Error - 08/05/2010 17:32:26 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 16/05/2010 10:36:00 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module unknown, version 0.0.0.0, fault address 0x018472ff.

Error - 04/06/2010 07:16:48 | Computer Name = ENSIS211DOB | Source = MsiInstaller | ID = 11500
Description = Product: Java™ 6 Update 20 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

[ System Events ]
Error - 09/06/2010 13:40:25 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 09/06/2010 13:40:25 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 09/06/2010 13:45:23 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BarDiscover Service service
to connect.

Error - 09/06/2010 13:49:23 | Computer Name = ENSIS211DOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service VPNGuardService
with arguments "" in order to run the server: {5E41093F-892E-4AE0-8C72-BE82F8A1AEBF}

Error - 09/06/2010 13:49:23 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VPNGuardService service
to connect.

Error - 09/06/2010 13:49:23 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7000
Description = The VPNGuardService service failed to start due to the following error:
%%1053

Error - 10/06/2010 10:59:51 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BarDiscover Service service
to connect.

Error - 10/06/2010 14:03:28 | Computer Name = ENSIS211DOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service VPNGuardService
with arguments "" in order to run the server: {5E41093F-892E-4AE0-8C72-BE82F8A1AEBF}

Error - 10/06/2010 14:03:43 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VPNGuardService service
to connect.

Error - 10/06/2010 14:03:43 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7000
Description = The VPNGuardService service failed to start due to the following error:
%%1053


< End of report >
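Added example (not part of doug62's post, of OTL, or of the helper's instructions below): a small Python script that triages the "[ Application Events ]" / "[ System Events ]" tail of an OTL log such as the one above. OTL copies event-log errors into the report as an "Error - date | Computer Name = ... | Source = ... | ID = ..." header followed by a "Description = ..." body that it wraps across lines, one blank line between records. The script reassembles the records and counts the two things a helper looks at first in this part of a log: which application keeps faulting in which module (Application Error 1000; a module of "unknown" means the faulting address was not inside any loaded image), and which services repeatedly fail to start (Service Control Manager 7000/7009, DCOM 10005). The embedded SAMPLE is a constructed excerpt modelled on the records posted above, and the function names parse_otl_events and triage are my own.

```python
"""Triage the event-log tail of an OTL report (added example, not OTL code).

Records look like:
    Error - dd/MM/yyyy HH:mm:ss | Computer Name = X | Source = Y | ID = N
    Description = ...   (may wrap onto following lines)
"""
import re
from collections import Counter

HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
# Body of event 1000; "module unknown" = fault address outside any loaded image.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, faulting module "
    r"(?P<module>\S+), version \S+, fault address (?P<addr>0x[0-9A-Fa-f]+)"
)
# SCM 7000, SCM 7009 and DCOM 10005 each name the failing service differently.
SERVICE_RES = (
    re.compile(r"The (?P<svc>.+?) service failed to start"),
    re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
    re.compile(r"attempting to start the service (?P<svc>\S+) with arguments"),
)
SERVICE_EVENTS = {("Service Control Manager", 7000),
                  ("Service Control Manager", 7009), ("DCOM", 10005)}
SECTION_RE = re.compile(r"^\[ .* \]$")   # e.g. "[ System Events ]"


def parse_otl_events(text):
    """Return one dict per event record; section headers are skipped even
    when OTL prints them without a blank line before the next record."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines()]
        lines = [ln for ln in lines if ln and not SECTION_RE.match(ln)]
        if not lines or not HEADER_RE.match(lines[0]):
            continue
        rec = HEADER_RE.match(lines[0]).groupdict()
        rec["id"] = int(rec["id"])
        desc = " ".join(lines[1:])          # undo OTL's line wrapping
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        rec["description"] = desc
        events.append(rec)
    return events


def triage(events):
    """Count crashes per (application, module) and start failures per service."""
    crashes, failed = Counter(), Counter()
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = FAULT_RE.search(ev["description"])
            if m:
                crashes[(m.group("app"), m.group("module"))] += 1
        elif (ev["source"], ev["id"]) in SERVICE_EVENTS:
            for rx in SERVICE_RES:
                m = rx.search(ev["description"])
                if m:
                    failed[m.group("svc")] += 1
                    break
    return {"crashes": crashes, "failed_services": failed}


# Constructed excerpt modelled on the records in the posted log.
SAMPLE = """\
Error - 03/05/2010 17:33:18 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 05/05/2010 16:35:16 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 05/05/2010 17:29:33 | Computer Name = ENSIS211DOB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module unknown, version 0.0.0.0, fault address 0x018474f3.

Error - 04/06/2010 07:16:48 | Computer Name = ENSIS211DOB | Source = MsiInstaller | ID = 11500
Description = Product: Java 6 Update 20 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

[ System Events ]
Error - 09/06/2010 13:45:23 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BarDiscover Service service
to connect.

Error - 09/06/2010 13:49:23 | Computer Name = ENSIS211DOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service VPNGuardService
with arguments "" in order to run the server: {5E41093F-892E-4AE0-8C72-BE82F8A1AEBF}

Error - 09/06/2010 13:49:23 | Computer Name = ENSIS211DOB | Source = Service Control Manager | ID = 7000
Description = The VPNGuardService service failed to start due to the following error:
%%1053
"""

if __name__ == "__main__":
    summary = triage(parse_otl_events(SAMPLE))
    for (app, mod), n in summary["crashes"].most_common():
        print(f"{n}x crash: {app} in {mod}")
    for svc, n in summary["failed_services"].most_common():
        print(f"{n}x failed to start: {svc}")
```

Run it against the full "[ Application Events ]" and "[ System Events ]" sections of an OTL log (paste them into SAMPLE or read them from a file). A high crash count for one browser in ntdll.dll or in "unknown" is a prompt to look at that browser's BHOs and loaded modules elsewhere in the same OTL report; a service that fails to start at every boot with %1053 is a prompt to check whether its image path still exists or was quarantined.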
#2 mpascal (Math Nerd, Retired Staff, 3,644 posts)
Hi doug62,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

#3 mpascal
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#4 mpascal
Hi there,

Welcome back, did you ever get the Kaspersky scan to finish?
#5 mpascal
Hi there,

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (e.g. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

#6 mpascal
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.