  1. #1
    Member
    Join Date
    Apr 2009
    Posts
    33
    Points
    0

    bdWruSduNKKJP.exe - symptoms

    A file called bdWruSduNKKJP.exe was quarantined two days ago by my Avast antivirus program. It was removed from C:/Documents and Settings/All Users/Application Data. HijackThis also showed a 04 entry for the same name. This has now been “fixed” by HijackThis.

    Afterwards I noticed the following symptoms on my PC (Windows XP Home Edition + Service Pack 3) -

    Task Manager was disabled - now recovered (manually)
    Several Files were hidden - some have now been unhidden (manually)
    Most IE Explorer Favourites were hidden - now been unhidden (manually)
    Most Desktop Icons were hidden - now been unhidden (manually)
    SpyWareBlaster can not detect Firefox - this was the first symptom that I noticed and I started Firefox & SpywareBlaster on the Computer Help forum.
    System Recovery does not operate (albeit going through all the motions of doing so).
    Commit Charge on Task Manager seems to be approx 30m higher than previous with the same number of Processes running.

    There may also be other symptoms that I am not aware of.

    The main rogue objects seem to have been stopped but it is a worry that some debris and unwanted effects have been left behind.

    Could you please help me to check and remove anything that should not be there and to restore any settings, which might have been amended, back to what they should be?

    I will post the three initial logs as a separate entry.

    Daphne

  2. #2

    Logs

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/29/2011 at 08:34 AM

    Application Version : 4.53.1000

    Core Rules Database Version : 7162
    Trace Rules Database Version: 4974

    Scan type : Quick Scan
    Total Scan Time : 00:08:00

    Memory items scanned : 451
    Memory threats detected : 0
    Registry items scanned : 1961
    Registry threats detected : 0
    File items scanned : 5891
    File threats detected : 0



    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6710

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    29/05/2011 10:44:01
    mbam-log-2011-05-29 (10-44-00).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 214184
    Time elapsed: 38 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:51:14, on 29/05/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Works\WksWP.exe
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\Program Files\Microsoft Works\wkgdcach.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:4021
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103643235720
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6554 bytes

  3. #3
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hello Daphne hogg and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!


    That program is a fake antivirus!

    Ransomware Program is a program that literally ransoms the data or functionality of your computer until you perform an action, which is typically to purchase the program or send someone money.



    Detailed description:

    Ransomware are programs that take your computer hostage in order to force you to give them money so that your computer operates properly again. These programs typically change the behavior of your computer in the following ways:

    • Make it so that you can not execute programs other than ones required to pay the ransom.
    • Terminate any non-essential programs that may be running.
    • Encrypt your data so that you can no longer access it or open it with programs.
    • Remove your ability to browse the Internet other than to locations that will allow you to pay the ransom.

    Once you pay the requested ransom, the criminals may send you a code that you can input into the Ransomware program that will then allow you to use your computer or decrypt your data. In some situations, though, even if you do pay the ransom, the criminals will just take your money and run, with you being left with your problem unresolved.

    Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom could put you at risk for Identity Theft as the information you send may contain personal information. Therefore, we suggest that you never pay these ransoms as in almost all situations a solution will be found that will allow you to remove the ransomware or restore your data without you having to pay the ransom. Therefore, if you ever run into a ransomware, please do not send the payment, and instead you should ask around in our forum or research your situation through Google, as the answer will most likely be published or at least being worked on.
    Details by Grinler.


    My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and HijackThis logs can take some time to research. Please be aware that I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.

    I use Google as a resource to research what the problem is, just to understand some of the infections that are infecting the computer and to understand where I need to focus more, to ensure that the member gets the best and honest service.

    So please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
    Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!


    OK. If you have a Vista or Win7 computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the programs to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


    Let's Fix your Internet Explorer Browser by doing the following:

    Click on: Tools > then in "Internet Options" > Click on the "Advanced" Tab > You will see the "Reset" button at the bottom. <-- Click on it to reset internet explorer so you can use it again.


    *The infection may have created a proxy with your internet connection. We will need to reset that.

    Recheck by doing the following:

    Do this....

    - In Internet Explorer browser: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    - In Firefox Browser: Click in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server.

    Reboot and check your internet connection.


    If that did not fix the problem do the following steps:

    Let's use your Firefox browser to download the tools and ensure that you put them on the desktop of the infected computer:

    To work properly, you must install all of the fixing tools on the Desktop..
    • If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".
    • For Internet Explorer:
      o Choose to save, not open the file
      o When prompted - save the file to your desktop


    *If you can not run these fixing tools in normal mode, then let's do the steps in safe mode with networking:


    Please carefully follow the next set of steps:

    If you can not download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    Please download the following 4 programs to a clean computer and then transfer them on to a usb stick.

    Download FixNCR.reg
    Download Rkill
    Download Malwarebytes Anti-Malware


    Step 2.

    Please reboot your Infected computer in Safe Mode with Networking by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
      You will need to use the 'keyboard arrow keys' to navigate on this menu.
    • Select the option, to run Windows in Safe Mode With Networking, then press "Enter".
    • Then choose your usual account.

    • Once you have downloaded all the necessary files to a removable device, you need to plug it into your infected computer so it can access them.
    • Now open the drive that corresponds to the removable media that you copied the programs to in the earlier step. Once open, double-click on the FixNCR.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.
    • Now run RKill.
      If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself.

      If the malware is persistent, you may have to run RKill a number of times.
      When it has finished, the black window will automatically close and you can continue with the next step.

      If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

      Note: If Rkill detects a proxy, it will disable it and make a backup on the desktop as rk-proxy.reg. At the end of the fix you can safely delete it by right click and select delete.


      Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

    • You should now be able to run the MBAM setup.

    Step 3.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Now that you are in normal mode...You should now be able to download OTL onto the infected system.
    Step 4.

    This tool will unhide everything that has been hidden


    Please download and run >> UnHide.exe << by Grinler.
    Once finished let me know if anything has changed

    Step 5.

    • Download OTL to your desktop.
      Right click on the link and select 'Save Link/Target As'.

      If you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    Summary of the logs I will need in your next reply:
    • Rkill log.
    • MBAM log.
    • The TWO report logs of OTL

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer

    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
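
Added example (not part of the thread and not any poster's code): a small Python triage pass over HijackThis entries like those in the log posted in #2, flagging the loopback proxy setting that the proxy-reset step above addresses, entries whose file is missing, and autoruns started from Application Data. The rule names, the function names and the one constructed O4 line are assumptions made for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log in post #2, plus one
# CONSTRUCTED O4 line modelling the autorun the poster says was already fixed
# (the value name in brackets is made up; the path is the one she reported).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:4021
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [bdWruSduNKKJP] C:\Documents and Settings\All Users\Application Data\bdWruSduNKKJP.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# "R1 - ..." / "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Directories a normal user can write to; autoruns from here deserve a look.
DATA_DIR_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\")


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "R1"
    rule: str    # which check fired
    detail: str  # the value or entry body that triggered it


def proxy_hosts(value: str) -> List[str]:
    """Extract hosts from a ProxyServer value such as
    'socks=127.0.0.1:4021' or 'http=a:8080;https=b:8080' or 'host:port'."""
    hosts = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()  # drop the 'proto=' prefix
        if not endpoint:
            continue
        host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint
        hosts.append(host.strip("[]"))             # tolerate [::1]:port
    return hosts


def is_loopback(host: str) -> bool:
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                             # not an IP literal
        return host.lower() == "localhost"


def triage(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue                               # headers, process list, blanks
        code, body = match.groups()
        lowered = body.lower()
        # Browser traffic pointed at a local listener.
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            if key.endswith(",ProxyServer") and any(
                is_loopback(h) for h in proxy_hosts(value)
            ):
                findings.append(Finding(code, "loopback-proxy", value))
        # Registry entry left behind after its file was deleted.
        if lowered.endswith(MISSING_MARKERS):
            findings.append(Finding(code, "missing-file", body))
        # Startup entry launching from a user-writable data directory.
        if code == "O4" and any(mark in lowered for mark in DATA_DIR_MARKERS):
            findings.append(Finding(code, "autorun-from-data-dir", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.rule}: {finding.detail}")
```

A loopback proxy entry is only a lead: legitimate local filtering software can set one as well, so confirm which process, if any, is listening on that port before clearing the setting.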



  5. #4

    Many thanks for taking the trouble to help.

    I need a bit of time to digest all that you have said and to implement it in the correct order.

    I am able to download the tools to my desktop, so should I just run them in normal mode? I already have that version of Malwarebytes installed. Should I uninstall it and then do what you have said or can I continue to use the one that is already installed?

    Daphne

  6. #5
    Member Net_Surfer's Avatar

    Hi Daphne

    Run the tools in normal mode...if you have trouble then do them in safe mode with networking

  7. #6

    For the Internet browser(s), I followed all of the initial instructions that you gave and everything was already set at what you said it should be.

    I have Run FixNCR.reg with no apparent problems. It took only seconds.

    I have Run Rkill (after turning off Avast Shields, which would not let it run) but I cannot find a log anywhere.

    I have Updated and Run Malwarebytes, which found no malicious items. I append the log below.

    I have Run unhide.exe (after turning off Avast Shields again). I cannot immediately see any changes but I had already unhidden (manually) most of the items which I use frequently beforehand.

    I have Run OTL (with Avast Shields still turned off). I append the two logs below.

    SpywareBlaster is now detecting FireFox.

    Daphne

  8. #7

    Logs (second batch)

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6712

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    29/05/2011 13:33:06
    mbam-log-2011-05-29 (13-33-06).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 214332
    Time elapsed: 28 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    OTL logfile created on: 29/05/2011 13:52:14 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\DAVID & IRENE\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    510.48 Mb Total Physical Memory | 160.25 Mb Available Physical Memory | 31.39% Memory free
    1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.88% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 183.71 Gb Total Space | 154.27 Gb Free Space | 83.97% Space Free | Partition Type: NTFS

    Computer Name: YOUR-0VKGCMIGMI | User Name: DAVID & IRENE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\DAVID & IRENE\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
    PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
    PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
    PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\DAVID & IRENE\Desktop\OTL.scr (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (gupdate) Google Update Service (gupdate) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
    DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
    DRV - (SocketLock) -- C:\WINDOWS\system32\socketlock.sys ()
    DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
    DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
    DRV - (ATXBAR) -- C:\WINDOWS\system32\drivers\atxbar.sys (AVerMedia Technologies, Inc.)
    DRV - (ATVCAP) -- C:\WINDOWS\system32\drivers\atvcap.sys (AVerMedia Technologies, Inc.)
    DRV - (ATTSCAP) AVerMedia, WDM MPEG-2 TS Capture (DVBT) -- C:\WINDOWS\system32\drivers\attscap.sys (AVerMedia Technologies, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
    DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
    DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
    DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
    DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
    DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
    DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
    DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
    DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: support@easy-hide-ip.com:1.0
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.socks_version: 4
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/05/14 14:13:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/27 20:43:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 20:43:53 | 000,000,000 | ---D | M]

    [2008/08/27 10:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Extensions
    [2011/05/28 22:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions
    [2011/04/21 20:20:47 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/03/23 11:49:06 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2011/05/15 10:08:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/09/10 17:53:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/03/23 11:49:07 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\extensions\personas@christopher.beard
    [2008/06/22 11:03:50 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\searchplugins\askjeeves.xml
    [2006/11/26 19:44:16 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Application Data\Mozilla\Firefox\Profiles\6o5omh38.default\searchplugins\live-search.xml
    [2011/05/28 22:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/30 23:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/03/17 23:23:40 | 000,000,000 | ---D | M] (Easy-Hide-IP Firefox Plugin) -- C:\PROGRAM FILES\EASY-HIDE-IP\FF-EXTENSION
    [2010/06/30 23:32:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/06/30 23:32:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    [2009/04/25 12:34:52 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
    [2011/04/21 00:07:17 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/04/21 00:07:17 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/04/21 00:07:17 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/04/21 00:07:17 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/28 08:27:56 | 000,436,124 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15010 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [QuickDVBT] File not found
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [Power2GoExpress] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/securit...?1103650145687 (MSSecurityAdvisor Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.co...?1103643235720 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/pro...tor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/30 22:40:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "aawservice"
    MsConfig - Services: "gupdate"
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: ASM - hkey= - key= - File not found
    MsConfig - StartUpReg: Eraserl.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: mmtask - hkey= - key= - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.)
    MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
    MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/29 13:47:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAVID & IRENE\Desktop\OTL.scr
    [2011/05/29 08:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/05/29 08:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/05/29 07:18:50 | 011,280,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
    [2011/05/29 07:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID & IRENE\My Documents\HelpToGo
    [2011/05/28 22:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DAVID & IRENE\Recent
    [2011/05/28 14:05:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DAVID & IRENE\IECompatCache
    [2011/05/28 13:30:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DAVID & IRENE\PrivacIE
    [2011/05/28 13:18:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DAVID & IRENE\IETldCache
    [2011/05/28 13:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/05/28 13:12:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2011/05/28 13:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
    [2011/05/28 13:09:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2011/05/28 13:09:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2011/05/28 13:09:09 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2011/05/28 13:09:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2011/05/28 13:09:07 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2011/05/28 11:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID & IRENE\Start Menu\Programs\HiJackThis
    [2011/05/27 20:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2011/05/27 20:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/05/27 08:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2011/05/26 11:03:08 | 008,437,216 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.17.exe
    [2011/05/26 08:24:13 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup44.exe
    [2011/05/21 08:17:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/04/16 10:30:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
    [2011/03/17 23:22:15 | 003,182,770 | ---- | C] (Easy-Hide-IP ) -- C:\Program Files\easy-hide-ip-3.7.6.exe
    [2010/11/25 00:01:56 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup300.exe
    [2010/11/03 14:22:23 | 003,182,231 | ---- | C] (Easy-Hide-IP ) -- C:\Program Files\easy-hide-ip-3.7.4.exe
    [2010/07/14 09:47:47 | 004,064,168 | ---- | C] (Piriform Ltd) -- C:\Program Files\dfsetup120.exe
    [2009/11/14 12:48:55 | 000,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
    [2009/10/30 00:36:24 | 071,020,976 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_420a1700.exe
    [2009/04/25 12:34:27 | 003,734,784 | ---- | C] (Foxit Software) -- C:\Program Files\FoxitReader30_enu_Setup.exe
    [2009/02/12 09:56:13 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2008/03/22 11:32:27 | 000,895,016 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WGAPluginInstall.exe
    [2007/09/25 14:55:25 | 006,910,136 | ---- | C] (Lizardtech ) -- C:\Program Files\djvu_plugin.most.current.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/29 13:47:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID & IRENE\Desktop\OTL.scr
    [2011/05/29 13:35:27 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\unhide.exe
    [2011/05/29 13:31:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2011/05/29 13:15:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/29 12:47:07 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\My Documents\Draft.wps
    [2011/05/29 11:46:13 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\rkill.com
    [2011/05/29 11:44:41 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\FixNCR.reg
    [2011/05/29 07:18:09 | 011,280,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
    [2011/05/29 06:55:09 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/05/29 06:53:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/29 06:52:41 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/29 06:51:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/29 06:51:37 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/28 13:53:46 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\Explorer.exe.lnk
    [2011/05/28 11:30:20 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
    [2011/05/28 08:27:56 | 000,436,124 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/27 19:53:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\My Documents\WS97.wps
    [2011/05/27 13:57:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\Outlook Express.lnk
    [2011/05/27 13:54:12 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/05/27 07:42:37 | 000,436,124 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110528-082755.backup
    [2011/05/26 10:56:24 | 008,437,216 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.17.exe
    [2011/05/26 08:22:37 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup44.exe
    [2011/05/26 08:10:48 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xEvents.lnk
    [2011/05/26 08:10:40 | 000,436,124 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110527-074237.backup
    [2011/05/26 00:50:17 | 000,000,000 | ---- | M] () -- C:\mediatype.dat
    [2011/05/26 00:25:21 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\MS Spreadsheet.lnk
    [2011/05/26 00:01:53 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xEasy.exe.lnk
    [2011/05/25 23:55:31 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xInternet.lnk
    [2011/05/25 23:55:11 | 000,001,368 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xSettings.lnk
    [2011/05/25 23:54:46 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xCleaner.lnk
    [2011/05/25 23:51:01 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\SpyBlaster.lnk
    [2011/05/25 23:48:59 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\MS Word Processor.lnk
    [2011/05/25 23:46:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\Spybot.lnk
    [2011/05/23 16:38:59 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\DAVID & IRENE\My Documents\ACCOUNTS 201105.xlr
    [2011/05/22 16:17:39 | 000,000,537 | ---- | M] () -- C:\WINDOWS\lexstat.ini
    [2011/05/21 08:17:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/05/20 20:47:13 | 000,001,229 | ---- | M] () -- C:\WINDOWS\AVerDVBT.ini
    [2011/05/19 08:35:50 | 000,436,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110526-081040.backup
    [2011/05/14 14:13:44 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/05/12 08:58:19 | 000,435,554 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-083550.backup
    [2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/05/05 08:41:01 | 000,435,448 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-085819.backup
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/29 13:35:30 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\unhide.exe
    [2011/05/29 11:46:09 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\rkill.com
    [2011/05/29 11:44:58 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\FixNCR.reg
    [2011/05/28 13:53:46 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\Explorer.exe.lnk
    [2011/05/28 11:33:47 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
    [2011/05/27 20:47:15 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/27 13:57:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\Outlook Express.lnk
    [2011/05/27 13:54:12 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/05/27 13:54:12 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Start Menu\Programs\Windows Media Player.lnk
    [2011/05/27 13:54:09 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Start Menu\Programs\Outlook Express.lnk
    [2011/05/26 00:25:21 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\MS Spreadsheet.lnk
    [2011/05/25 23:55:31 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xInternet.lnk
    [2011/05/25 23:55:23 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xEvents.lnk
    [2011/05/25 23:55:11 | 000,001,368 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xSettings.lnk
    [2011/05/25 23:54:46 | 000,001,460 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\xCleaner.lnk
    [2011/05/25 23:51:01 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\SpyBlaster.lnk
    [2011/05/25 23:48:59 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Desktop\MS Word Processor.lnk
    [2011/01/23 12:14:15 | 000,001,229 | ---- | C] () -- C:\WINDOWS\AVerDVBT.ini
    [2010/07/02 09:59:23 | 046,899,712 | ---- | C] () -- C:\Program Files\zaSetup_92_057_000_en.exe
    [2008/03/22 12:33:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2008/02/24 10:45:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2008/02/11 08:42:53 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/02/11 08:42:53 | 000,003,460 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/03/30 08:09:09 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/11/29 17:11:52 | 000,001,942 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/11/26 18:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/07/23 13:38:35 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2006/06/22 17:31:19 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2006/05/07 09:06:33 | 005,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
    [2005/12/27 16:17:32 | 000,122,939 | ---- | C] () -- C:\WINDOWS\System32\perf32.ini
    [2005/12/18 10:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PICTURE.INI
    [2005/12/18 10:01:35 | 000,000,149 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
    [2005/12/04 17:08:49 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\socketlock.sys
    [2005/11/10 09:15:23 | 000,121,063 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
    [2005/09/30 12:18:27 | 001,348,664 | ---- | C] () -- C:\Program Files\ymb_setup_mini_uk.exe
    [2005/02/05 16:43:33 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
    [2005/01/14 09:36:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS5_SETUP.ini
    [2004/12/29 16:21:47 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\DAVID & IRENE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/12/27 10:41:21 | 000,001,044 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/12/21 21:06:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/12/21 17:09:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2004/12/21 14:58:21 | 000,000,537 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2004/10/29 07:28:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/10/29 07:27:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ipfld.dll
    [2004/10/29 07:27:43 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\Check.dat
    [2004/10/29 07:27:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\ipflr.dll
    [2004/08/31 00:21:37 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2004/08/31 00:21:37 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2004/08/31 00:21:37 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2004/08/31 00:21:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2004/08/31 00:21:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2004/08/31 00:21:37 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2004/08/31 00:21:37 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2004/08/31 00:16:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/08/30 22:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/30 22:39:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/30 22:36:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/30 22:35:58 | 000,155,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/30 17:49:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/30 16:24:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
    [2004/08/30 16:24:52 | 000,168,207 | ---- | C] () -- C:\WINDOWS\System32\Unstall.exe
    [2004/03/03 10:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2004/03/03 10:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2004/01/22 22:54:22 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/01/22 22:53:29 | 000,314,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/01/22 22:53:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/01/22 22:53:29 | 000,040,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/01/22 22:53:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/01/22 22:53:27 | 000,004,875 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/01/22 22:53:23 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/01/22 22:53:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/01/22 22:53:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/01/22 22:53:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/01/22 22:52:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/01/22 22:52:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2003/08/18 14:55:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
    [2003/08/18 14:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
    [2002/11/13 19:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
    [2002/09/13 15:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
    [2001/01/19 19:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

    ========== LOP Check ==========

    [2010/10/18 10:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2004/12/21 15:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/05/29 07:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/09/29 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\3M
    [2004/12/30 18:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\AverAlbum
    [2009/04/25 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\Foxit
    [2006/07/23 13:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\FTW
    [2006/08/13 15:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\Sereniti
    [2005/02/21 16:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\spweng
    [2004/12/21 22:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\Template
    [2009/04/15 17:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID & IRENE\Application Data\Uniblue
    [2011/05/29 13:31:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2011/05/29 06:55:09 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/30 22:40:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/23 12:25:03 | 000,000,257 | ---- | M] () -- C:\AVerDVBTtext.txt
    [2010/06/10 09:32:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2004/10/29 07:27:44 | 000,000,006 | ---- | M] () -- C:\Check.dat
    [2004/08/30 22:40:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/10/28 22:10:48 | 000,000,007 | ---- | M] () -- C:\FLASHED.DAT
    [2011/05/29 06:51:37 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
    [2004/08/30 22:40:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/05/26 00:50:17 | 000,000,000 | ---- | M] () -- C:\mediatype.dat
    [2004/08/30 22:40:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/12/21 21:14:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/16 10:01:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/05/29 06:51:35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2004/10/29 07:30:46 | 000,000,518 | ---- | M] () -- C:\SCANDISK.LOG
    [2004/12/21 15:00:22 | 000,000,168 | ---- | M] () -- C:\setupfax.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2003/07/29 13:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2004/08/30 22:34:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/30 22:34:36 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/30 22:34:36 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\* >
    [2009/11/14 12:49:12 | 000,308,160 | ---- | M] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
    [2009/10/30 00:35:44 | 071,020,976 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_420a1700.exe
    [2010/11/24 12:33:32 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup300.exe
    [2010/07/14 09:33:47 | 004,064,168 | ---- | M] (Piriform Ltd) -- C:\Program Files\dfsetup120.exe
    [2007/09/25 14:55:46 | 006,910,136 | ---- | M] (Lizardtech ) -- C:\Program Files\djvu_plugin.most.current.exe
    [2010/11/02 23:56:46 | 003,182,231 | ---- | M] (Easy-Hide-IP ) -- C:\Program Files\easy-hide-ip-3.7.4.exe
    [2011/03/17 23:19:43 | 003,182,770 | ---- | M] (Easy-Hide-IP ) -- C:\Program Files\easy-hide-ip-3.7.6.exe
    [2011/05/26 10:56:24 | 008,437,216 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.17.exe
    [2009/04/25 12:34:38 | 003,734,784 | ---- | M] (Foxit Software) -- C:\Program Files\FoxitReader30_enu_Setup.exe
    [2011/05/28 11:30:20 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
    [2011/04/16 10:30:25 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
    [2009/02/12 09:57:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2011/05/26 08:22:37 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup44.exe
    [2011/05/29 07:18:09 | 011,280,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
    [2008/03/22 11:32:20 | 000,895,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WGAPluginInstall.exe
    [2006/12/06 12:42:54 | 005,186,048 | ---- | M] () -- C:\Program Files\WindowsDefender.msi
    [2005/12/14 17:40:06 | 001,348,664 | ---- | M] () -- C:\Program Files\ymb_setup_mini_uk.exe
    [2010/07/02 09:58:30 | 046,899,712 | ---- | M] () -- C:\Program Files\zaSetup_92_057_000_en.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >


    OTL Extras logfile created on: 29/05/2011 13:52:14 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\DAVID & IRENE\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    510.48 Mb Total Physical Memory | 160.25 Mb Available Physical Memory | 31.39% Memory free
    1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.88% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 183.71 Gb Total Space | 154.27 Gb Free Space | 83.97% Space Free | Partition Type: NTFS

    Computer Name: YOUR-0VKGCMIGMI | User Name: DAVID & IRENE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
    "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
    "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
    "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
    "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 3.0
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{67D8F537-7929-11D6-9D72-0008C7223F91}" = V92 PCI Voice Faxmodem
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A048E41D-CEBE-4B38-9168-193D681337AE}" = ArcSoft PhotoStudio 5
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8
    "{C08C47C2-E9EF-4357-B8FD-AD90FD2EF791}" = Family History Resource File Viewer 4.0
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Ashampoo Burning Studio 5" = Ashampoo Burning Studio 5
    "avast" = avast! Free Antivirus
    "AVerTV DVB-T" = AVerTV DVB-T
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "DivX Codec" = DivX Codec
    "Easy-Hide-IP_is1" = Easy-Hide-IP 3.7.6
    "Foxit Reader" = Foxit Reader
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "HijackThis" = HijackThis 1.99.1
    "ie8" = Windows Internet Explorer 8
    "IrfanView" = IrfanView (remove only)
    "Legacy 6.0" = Legacy 6.0
    "Lexmark X1100 Series" = Lexmark X1100 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Natwarlal Chess_is1" = Natwarlal v0.12
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "NVIDIA Drivers" = NVIDIA Drivers
    "PSN" = Post-it® Software Notes Lite
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 26/05/2011 03:13:27 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 215
    Description = wlmail (1304) WindowsLiveMail0: The backup has been stopped because
    it was halted by the client or the connection with the client failed.

    Error - 26/05/2011 14:05:27 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 488
    Description = wlcomm (2760) An attempt to create the file "C:\Documents and Settings\DAVID
    & IRENE\Local Settings\Application Data\Microsoft\Windows Live Contacts\{5880026d-4f83-4be6-9f6b-9a8189fb0619}\DBStore\contacts.pat"
    failed with system error 5 (0x00000005): "Access is denied. ". The create file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 26/05/2011 14:05:27 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 217
    Description = wlcomm (2760) Error (-1032) during backup of a database (file C:\Documents
    and Settings\DAVID & IRENE\Local Settings\Application Data\Microsoft\Windows Live
    Contacts\{5880026d-4f83-4be6-9f6b-9a8189fb0619}\DBStore\contacts.edb). The database
    will be unable to restore.

    Error - 26/05/2011 14:05:27 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 215
    Description = wlcomm (2760) C:\Documents and Settings\DAVID & IRENE\Local Settings\Application
    Data\Microsoft\Windows Live Contacts\{5880026d-4f83-4be6-9f6b-9a8189fb0619}\: The
    backup has been stopped because it was halted by the client or the connection with
    the client failed.

    Error - 26/05/2011 14:05:48 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 488
    Description = wlcomm (2760) An attempt to create the file "C:\Documents and Settings\DAVID
    & IRENE\Local Settings\Application Data\Microsoft\Windows Live Contacts\{0e6afb7e-9522-420f-a325-aa534c047682}\DBStore\contacts.pat"
    failed with system error 5 (0x00000005): "Access is denied. ". The create file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 26/05/2011 14:05:48 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 217
    Description = wlcomm (2760) Error (-1032) during backup of a database (file C:\Documents
    and Settings\DAVID & IRENE\Local Settings\Application Data\Microsoft\Windows Live
    Contacts\{0e6afb7e-9522-420f-a325-aa534c047682}\DBStore\contacts.edb). The database
    will be unable to restore.

    Error - 26/05/2011 14:05:48 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 215
    Description = wlcomm (2760) C:\Documents and Settings\DAVID & IRENE\Local Settings\Application
    Data\Microsoft\Windows Live Contacts\{0e6afb7e-9522-420f-a325-aa534c047682}\: The
    backup has been stopped because it was halted by the client or the connection with
    the client failed.

    Error - 27/05/2011 02:54:06 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 488
    Description = wlmail (908) An attempt to create the file "C:\Documents and Settings\DAVID
    & IRENE\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\davidsmyth8@msn.com\DBStore\WLCalendarStore.pat"
    failed with system error 5 (0x00000005): "Access is denied. ". The create file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 27/05/2011 02:54:06 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 217
    Description = wlmail (908) Error (-1032) during backup of a database (file C:\Documents
    and Settings\DAVID & IRENE\Local Settings\Application Data\Microsoft\Windows Live
    Mail\Calendars\davidsmyth8@msn.com\DBStore\WLCalendarStore.edb). The database will
    be unable to restore.

    Error - 27/05/2011 02:54:06 | Computer Name = YOUR-0VKGCMIGMI | Source = ESENT | ID = 215
    Description = wlmail (908) C:\Documents and Settings\DAVID & IRENE\Local Settings\Application
    Data\Microsoft\Windows Live Mail\Calendars\davidsmyth8@msn.com\: The backup has
    been stopped because it was halted by the client or the connection with the client
    failed.

    [ System Events ]
    Error - 27/05/2011 15:34:22 | Computer Name = YOUR-0VKGCMIGMI | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 27/05/2011 15:34:22 | Computer Name = YOUR-0VKGCMIGMI | Source = Service Control Manager | ID = 7001
    Description = The TrueVector Internet Monitor service depends on the vsdatant service
    which failed to start because of the following error: %%31

    Error - 27/05/2011 15:34:22 | Computer Name = YOUR-0VKGCMIGMI | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 27/05/2011 15:34:22 | Computer Name = YOUR-0VKGCMIGMI | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
    Tcpip
    vsdatant

    Error - 27/05/2011 15:34:31 | Computer Name = YOUR-0VKGCMIGMI | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 27/05/2011 15:35:44 | Computer Name = YOUR-0VKGCMIGMI | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 27/05/2011 15:35:45 | Computer Name = YOUR-0VKGCMIGMI | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 28/05/2011 03:18:23 | Computer Name = YOUR-0VKGCMIGMI | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 0040CA869550 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 28/05/2011 08:20:08 | Computer Name = YOUR-0VKGCMIGMI | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 29/05/2011 01:51:54 | Computer Name = YOUR-0VKGCMIGMI | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 0040CA869550 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >